Edit Identity


The attributes that can be requested to and returned from an Identity Provider are determined here.


Subject configuration

  • Subject Attribute
    Defines which user attribute is used to identify the user at the Identity Provider
  • Look-up Principle
    When this is enabled, After the user is authenticated the user (principal) will also be queried from the IDHub user repository, and any known attribute values (that were still empty) will be added to the session.
    Non-empty attributes will not be updated, unless the attribute type has the "override" property
  • Auto-Provision Principal
    Auto-provisioning is the process of creating or updating a principal in our TB-IDP, if the subject attribute does not yet exist.  

More information on Principal Lookup & Provisioning in this article

User Attributes

This is used to map the IDP's attribute labels to IDHub's attributes (eg. "Email" vs "E-mail")

  • Identity Provider user attribute: the string that is used by the Identity Provider to describe this attribute.
  • User attribute: The attribute defined by IDhub.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.