Edit Identity


The attributes that can be requested to and returned from an Identity Provider are determined here.


Subject configuration

  • Subject Attribute
    Defines which user attribute is used to identify the user at the Identity Provider
  • Look-up Principle
    When this is enabled, After the user is authenticated the user (principal) will also be queried from the IDHub user repository, and any known attribute values (that were still empty) will be added to the session.
    Non-empty attributes will not be updated, unless the attribute type has the "override" property
    • Dynamic Lookup: Will search the entire user database for a match
    • Static Lookup: requires that the Identity of this user is "linked (see: "Linking Identities")
    • Lookup in Active Directory: Will lookup this user in the selected Active Directory (requires Technical Username & Password to be filled in).
  • Auto-Provision Principal
    Auto-provisioning is the process of creating or updating a principal in our TB-IDP, if the subject attribute does not yet exist.  

More information on Principal Lookup & Provisioning in this article

User Attributes

This is used to map the IDP's attribute labels to IDHub's attributes (eg. "Email" vs "E-mail")

  • Identity Provider user attribute: the string that is used by the Identity Provider to describe this attribute.
  • User attribute: The attribute defined by IDhub.
Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.