Just in Time SSO

We are implementing a Just in Time Federated SSO, for which we are sending a full base64-encoded SAML response under which we have all the data elements in Pass through data.

Can Salesforce parse that and extract each individual element? If yes, do we need to follow some specific steps to achieve this?

How would the Identity Provider map or be aware of the Account ID and Contact ID for the user?

Thanks in advance.

Answer

Sara, are you trying to create users in Salesforce on the fly, using Just-in-Time provisioning? If so, have you tried specifying the User.ContactId attribute in your assertion?

I think if you add an attribute (example below) based on Salesforce’s sample assertion, the users created by Just-in-Time provisioning will be associated to the correct contact, and by association to the correct account.

<saml:Attribute Name="User.ContactId"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:anyType">003o0000002rYsN</saml:AttributeValue>
</saml:Attribute>

Attribution
Source: Link, Question Author: Sara, Answer Author: Marty C.
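
The following is an added example, not code from the question, the answer, or Salesforce: an IdP-side pre-flight check that decodes a base64 SAML response, lists its attributes, and confirms that User.ContactId carries exactly one well-formed Contact ID before the assertion is sent. The function names and the trimmed sample response are assumptions made for illustration; the check inspects attributes only and does not verify the signature, so it is a debugging aid rather than a trust decision.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Salesforce record IDs are 15 or 18 alphanumeric characters; Contact IDs start with "003".
CONTACT_ID = re.compile(r"003[A-Za-z0-9]{12}(?:[A-Za-z0-9]{3})?")

# Constructed sample, trimmed to the parts this check reads (not a complete, signed response).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="User.ContactId"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xsi:type="xs:anyType">003o0000002rYsN
      </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def extract_attributes(b64_response):
    """Decode a base64 SAMLResponse and return {attribute name: [values]}."""
    # Run this only on responses produced by your own IdP; nothing here checks the signature.
    root = ET.fromstring(base64.b64decode(b64_response))
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_jit_attributes(attrs):
    """Return a list of problems that would break the contact association."""
    problems = []
    values = attrs.get("User.ContactId", [])
    if len(values) != 1:
        problems.append("expected exactly one User.ContactId value, got %d" % len(values))
    elif not CONTACT_ID.fullmatch(values[0]):
        problems.append("User.ContactId is not a 15/18-character Contact ID: %r" % values[0])
    return problems

if __name__ == "__main__":
    attrs = extract_attributes(SAMPLE_B64)
    print(attrs)
    print(check_jit_attributes(attrs) or "User.ContactId looks well formed")
```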
