Mappings are used to manually map a Ubisecure user's user id to the user id required by an application. For example, suppose user "John Doe" in Ubisecure SSO requires access to various existing applications. In his CRM application, the name must be in the form "jdoe", and in a legacy ERP application his name is "u44342".

Figure 1: User Mappings

An example of mappings defined for a user across multiple applications is shown in Figure 1. From the example, when user3 accesses the:

  • CRM application, their identity will be sent in LDAP DN format
  • HR application, their identity will be sent in email address format
  • HR application, their identity will be sent in Windows DOMAIN\shortname format

Once a table of mappings has been defined, it may be assigned to one or more Web Agents.

It is also possible to perform user name mappings using the Authorization Policy function. Use an Authorization Policy to use an existing user attribute as a username (for example, email address or employee number), or even to use a common user name for all users of a specific group. Please refer to the Authorization page for more information.

The first view of Mappings (Figure 2) presents all mapping tables in the selected site.

Figure 2. Mapping tables on the selected site
  • Mapping item
    Click mapping name, site or description to edit the mapping.
  • New Mapping
    Create a new mapping.
  • Delete Mapping / Check box
    Select mappings with checkboxes and click "Delete Mapping" to delete the selected mappings.

Mapping

The main view of a mapping object is presented in Figure 3.

Figure 3: The main view of a mapping object
  • Name
    Descriptive identifier for this Mapping configuration
  • NameID Format
    • Ubisecure User Mapping
      Execute a manual user mapping as specified in the Users tab. The mapped value will be sent as the NameID.
    • Persistent ID (XML ID format)
      Send a Persistent ID to the target application.
    • Persistent ID (UUID format)
      Send a Persistent ID to the target application.
    • Transient ID
      Send a Transient ID to the target application.
    • OAuth Refresh Token
      Send an OAuth Refresh Token to the target application.
  • Affiliation ID (SPNameQualifier)
    Set SPNameQualifier of SAML assertions to selected Agents. Optional. In most cases leave blank.
  • Platform
    This field is for administrators to keep notes related to this configuration. This field is informative only and does not affect system functionality. Optional.
  • Description
    This field is for administrators to keep notes related to this configuration. Enter a meaningful description explaining who has made the configuration and why. Reference other system documentation if appropriate. This field is informative only and does not affect system functionality. Optional.
  • Update
    Update the edited fields
  • New
    Create a new mapping table
  • Delete
    Delete this mapping table
  • Rename
    Rename this mapping table

Users

The Users view (Figure 4) presents all user mappings in this mapping table. In this example, the user named user3 will have the name "CN=John Smith,OU=CRM Users,CN=crm,DC=example,DC=com" when accessing the Agents of the mapping (specified in Figure 5). Without a name policy, by default, the user's location in the Ubisecure Directory is sent as the NameID.
The mapped name can be in any format expected by the target application: LDAP distinguished name, Windows shortname, email address. Different users can also be mapped to the same user in the target system.

Figure 4: User mapping(s) in this mapping table
  • User
    Click user Name or Site to edit the user object
  • Mapped name / Update
    Edit this field to provide a different user name for the selected agent(s). Click "Update" to save changes.
  • Add
    Add a new user mapping.
  • Remove
    Remove the selected user mapping(s)

Multiple users can be added using the "Add…" function. All added names can then be edited in a convenient list format.

Agents

The Agents view (Figure 5) specifies with which agents the mapped name(s) will be used.
If you link a mapping to more than one agent, all of these agents will receive the same persistentId. Generally, each agent should have its own persistentId mapping.
In the example, the CRM mapping will be used by the test and production CRM agents, as well as the CRM Help System.

Figure 5: The list of agents that the mapped names will be provided for
  • Agent
    Click the agent name, site, status or type to open and edit the agent configuration
  • Add
    Add a new agent to the selected mapping table
  • Remove
    Remove the selected agent(s) from this mapping table
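
The following is an added example, not Ubisecure code or a product export format: a simplified Python model of mapping tables that resolves the name sent to an agent and lists two configurations described above for administrator review (a persistent-ID mapping linked to several agents, and several users mapped to one target name). The `Mapping` class, the agent names, `user5`, `user6` and `crm-readonly` are constructed for illustration, and the fallback for a user without a table entry is an assumption.

```python
from dataclasses import dataclass, field

USER_MAPPING = "Ubisecure User Mapping"
PERSISTENT = {"Persistent ID (XML ID format)", "Persistent ID (UUID format)"}

@dataclass
class Mapping:  # hypothetical model of one mapping table, not a product export format
    name: str
    nameid_format: str
    agents: list
    users: dict = field(default_factory=dict)  # SSO user -> mapped name

def resolve_name_id(mappings, agent, user, directory_location):
    """Mapped name for `user` at `agent`, else the default NameID."""
    for m in mappings:
        if m.nameid_format == USER_MAPPING and agent in m.agents and user in m.users:
            return m.users[user]
    # Assumption: a user with no entry gets the default (directory location).
    return directory_location

def audit(mappings):
    """Return (kind, mapping name, members) tuples for an administrator to review."""
    findings = []
    for m in mappings:
        # One persistent-ID mapping linked to several agents: all get the same ID.
        if m.nameid_format in PERSISTENT and len(m.agents) > 1:
            findings.append(("shared-persistent-id", m.name, tuple(sorted(m.agents))))
        # Several SSO users mapped to one target account.
        by_target = {}
        for user, mapped in m.users.items():
            by_target.setdefault(mapped, []).append(user)
        for mapped, users in by_target.items():
            if len(users) > 1:
                findings.append(("many-to-one:" + mapped, m.name, tuple(sorted(users))))
    return findings

# Constructed sample configuration (agent names and user5/user6 are invented).
SAMPLE = [
    Mapping("CRM", USER_MAPPING, ["crm-test", "crm-prod", "crm-help"], {
        "user3": "CN=John Smith,OU=CRM Users,CN=crm,DC=example,DC=com",
        "user5": "crm-readonly", "user6": "crm-readonly"}),
    Mapping("Pairwise", "Persistent ID (UUID format)", ["hr-agent", "erp-agent"]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```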