PingOne automatically populates required SAML attributes.

For Microsoft 365, the required attributes are:

  • subject: maps to the userPrincipalName Active Directory attribute.
  • guid: maps to the objectGUID Active Directory attribute.
    Note: Microsoft has updated the default sourceAnchor attribute to use ms-DS-consistencyGUID by default. To determine which option is best for your organization, see Azure AD Connect: Design concepts in the Microsoft documentation.
  1. To add an additional optional attribute, click Add new attribute.
  2. In the Application Attribute field, enter the attribute name as it appears in the application.
  3. In the Identity Bridge Attribute or Literal Value field, choose one of the following:
    • To map to the application attribute: Enter or select a directory attribute.
    • To assign to the application attribute: Select As Literal, then enter a literal value.
  4. To create advanced attribute mappings, click Advanced.

    For more information, see Create advanced attribute mappings.

Click Continue to Next Step.