iGrafx Process360 Live
Breadcrumbs

Auto create users with SAML over ADFS

When users need to be created automatically when accessing the platform for the first time post authentication.

Step-by-step guide

Steps for setting up the attributes needed for SAML ADFS to auto create users

  1. Logged in as an Administrator, go to the Administration-User Management- SAML tab.

  2. Turn on the "Automatically create authenticated users" switch. 3 empty attribute fields will appear.

  3. Populate the 3 fields (First Name, Last Name, & Email Address) as follows:
    SAML attribute containing first name

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname



    SAML attribute containing last name

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname



    SAML attribute containing email address
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  4. You can keep the default Group that the new users will be added to called "Users" at this time unless a particular group is to be used for all new users.

  5. Exiting the SAML tab should assure that the fields are saved and now new users that access the URL for the platform AND authenticated via SAML are created.

    image2018-7-18_17-58-35.png

Note: There may be some discrepancies in the attribute names like "email" versus "emailaddress", but an ADFS admin can confirm those attributes. This attribute document for ADFS SAML Claims may be useful:

https://msdn.microsoft.com/en-us/library/microsoft.identitymodel.claims.claimtypes_members.aspx