Auto create users with SAML over ADFS
Use this when users need to be created automatically the first time they access the platform after authenticating.
Step-by-step guide
Steps for setting up the attributes needed for SAML ADFS to auto create users
- Logged in as an Administrator, go to Administration > User Management > SAML tab.
- Turn on the "Automatically create authenticated users" switch. 3 empty attribute fields will appear.
- Populate the 3 fields (First Name, Last Name, & Email Address) as follows:
  - SAML attribute containing first name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  - SAML attribute containing last name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  - SAML attribute containing email address: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- You can keep the default group that new users will be added to, called "Users", at this time unless a particular group is to be used for all new users.
- Exiting the SAML tab should save the fields. From then on, new users who access the platform URL and authenticate via SAML are created automatically.
Note: There may be some discrepancies in the attribute names like "email" versus "emailaddress", but an ADFS admin can confirm those attributes. This attribute document for ADFS SAML Claims may be useful:
https://msdn.microsoft.com/en-us/library/microsoft.identitymodel.claims.claimtypes_members.aspx
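
To catch the attribute-name discrepancy described in the note before users hit it, the following added example (not part of the platform or of ADFS) compares the attribute names in a captured assertion against the three values entered on the SAML tab. It assumes a SAML 2.0 assertion that has already been base64-decoded and is not encrypted; the sample assertion, its values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Attribute names entered in the three SAML tab fields (taken from the steps above).
EXPECTED = {
    "first name": CLAIMS + "givenname",
    "last name": CLAIMS + "surname",
    "email address": CLAIMS + "emailaddress",
}

# Constructed sample: the IdP sends ".../claims/email" instead of ".../claims/emailaddress".
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""

def emitted_attributes(assertion_xml):
    """Return {attribute name: first value} for every attribute in the assertion."""
    # Diagnostic use on a response you captured yourself; this does not verify signatures.
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        found[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return found

def check_mapping(assertion_xml, expected=EXPECTED):
    """Return {field: problem} for each configured field the assertion cannot fill."""
    found = emitted_attributes(assertion_xml)
    problems = {}
    for field, name in expected.items():
        if name not in found:
            problems[field] = "missing: " + name
        elif not found[name]:
            problems[field] = "empty value: " + name
    return problems

if __name__ == "__main__":
    for field, problem in check_mapping(SAMPLE_ASSERTION).items():
        print(field, "->", problem)
    print("attributes sent:", sorted(emitted_attributes(SAMPLE_ASSERTION)))
```

An empty result from `check_mapping` means all three configured attribute names are present with values; otherwise the list of attributes actually sent shows which name to enter on the SAML tab or to have the ADFS admin change.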