1. SAML Single Sign-On
  2. Configuring the Identity Provider for the SAML Integration
  3. SAML Assertion Attributes

SAML Assertion Attributes

After you have created a service provider (SP) profile for SuiteProjects Pro and imported the SuiteProjects Pro SAML metadata into your IdP service, you need to ensure that SAML assertions contain the required attributes with the appropriate SuiteProjects Pro sign-in identifiers.

This following table lists both required and optional assertion attributes and the SuiteProjects Pro sign-in identifiers they map to.

Attribute

Required / Optional

Description

NameID

Required

SuiteProjects Pro User ID — The unique user identifier (Employee ID on the employee demographic form in SuiteProjects Pro).

Important:

Depending on your IdP configuration, you may not be able to map NameID to the source attribute containing the SuiteProjects Pro User ID. For example, the IdP service may use NameID as a transient identifier for session management. If this is the case:

  • The assertion must contain both NameID and user_nickname attributes.

  • Use user_nickname to send the SuiteProjects Pro User ID in the SAML assertion.

user_nickname

Optional

If specified, user_nickname takes precedence over NameID for identifying the user. You can use user_nickname to send the SuiteProjects Pro User ID in the SAML assertion if NameID cannot be used.
Note:

The attribute account_nickname is no longer required. The SuiteProjects Pro SAML endpoint is unique to your SuiteProjects Pro account and to each IdP profile.

Related Topics: