The attributes that can be requested to and returned from an Identity Provider are determined here.
Defines which user attribute is used to identify the user at the Identity Provider
When this is enabled, After the user is authenticated the user (principal) will also be queried from the IDHub user repository, and any known attribute values (that were still empty) will be added to the session.
Non-empty attributes will not be updated, unless the attribute type has the "override" property
- Dynamic Lookup: Will search the entire user database for a match
- Static Lookup: requires that the Identity of this user is "linked (see: "Linking Identities")
- Lookup in Active Directory: Will lookup this user in the selected Active Directory (requires Technical Username & Password to be filled in).
Auto-provisioning is the process of creating or updating a principal in our TB-IDP, if the subject attribute does not yet exist.
More information on Principal Lookup & Provisioning in this article
This is used to map the IDP's attribute labels to IDHub's attributes (eg. "Email" vs "E-mail")
- Identity Provider user attribute: the string that is used by the Identity Provider to describe this attribute.
- User attribute: The attribute defined by IDhub.