When you integrate the Browser Extension with an external identity provider, you can map various user attributes in the Browser Extension to attributes in the identity provider. For example, you could map the country, department, or group attributes of all users. This enables you to then use these attributes to create rules for assigning policies to users - based on the user attributes. For details on how to create policy assignment rules, see Using rules to assign policies.
You can add and configure attribute mappings either when you first configure an identity provider, or after you have configured an identity provider. For details on how to configure an identity provider, see Identity Provider [IdP] Integration - Generic [ABS].
For details on how to see what attributes are set for a specific user, see User attributes and assigned policies.
Adding a new attribute mapping
After you have configured an identity provider, you can map user attributes between the Browser Extension and that provider.
When you add a new attribute mapping, you specify
-
the name of the attribute as it will be identified in the Browser Extension
-
the SAML claim of the attribute in the external identity provider
|
Note
|
To map user attributes in the Browser Extension to external identity provider attributes:
-
Open the Settings > Identity provider integration page.
-
Click Attribute mapping. The list of existing attribute mappings is displayed.
-
Click Add new attribute. A new row is added to the top of the attribute mapping table.
-
Enter an Attribute name for the new mapping. This is the name that will be used in the Advanced Browser Security Console to identify the attribute.
-
Enter the SAML claim. This is how the attribute is identified in the identity provider. This value is often found under "User Attributes & Claims" or the equivalent section in the identity provider's console. The value often has the format of a URL.
-
Click Save.
See also:
