Once you have the SP info added to your IdP, the IdP info and certificate added to KnowledgeOwl, and have enabled SAML SSO, you'll need to map SAML attributes. This allows KnowledgeOwl to properly create / update readers in your account when they log in, and ensures they see the correct content when they do.
Direct Reader Attribute Mappings take the exact value of an attribute coming from your IdP and map it to an existing KnowledgeOwl field.
To add these mappings:
- Go to Settings > SSO.
- Open the SAML Attribute Map tab.
- For each attribute you would like mapped between your IdP and KnowledgeOwl, add the name of the attribute field as it appears in your IdP into the corresponding field in the map.
At minimum, you MUST map a unique ID (SSO ID) and an email address. The user's email address can be used as both the SSO ID and their email address if this is preferred.
- If you cannot use a direct reader attribute mapping for a field, consider using Custom Attribute Map Rules instead. Direct reader attribute mappings always overwrite custom attribute mappings, so if you're using custom attribute map rules to set the value for a field, leave the direct mapping blank for that field.
- Save your mappings.
Here's a sample Direct Attribute mapping. It maps the incoming values from my IdP as follows:
- The IdP 'uid' attribute will be entered into the KnowledgeOwl SSO ID field.
- The IdP 'email' attribute will be entered into the KnowledgeOwl Username / Email field.
- The IdP 'firstName' attribute will be entered into the KnowledgeOwl First Name field.
- The IdP 'lastName' attribute will be entered into the KnowledgeOwl Last Name field.
- The IdP 'groups' attribute will be entered into the KnowledgeOwl Reader Groups field.
- The IdP 'dept' attribute will be entered into the KnowledgeOwl Custom Field 1 field.
See Create a reader for more information on what these reader fields mean and where you can see them.
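Before saving a map like the sample above, it helps to confirm that your IdP actually releases each attribute under the name you entered. The following is an added example, not KnowledgeOwl code: a Python sketch that reads a constructed SAML `AttributeStatement`, resolves each mapped field, and reports required fields (SSO ID and email) that would arrive empty. It assumes attribute names are compared exactly, and the helper names `read_attributes` and `check_mapping` are hypothetical. It does not verify the assertion signature, so use it only to inspect an assertion from your own IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Direct mapping from the sample above: KnowledgeOwl field -> IdP attribute name.
MAPPING = {
    "SSO ID": "uid",
    "Username / Email": "email",
    "First Name": "firstName",
    "Last Name": "lastName",
    "Reader Groups": "groups",
    "Custom Field 1": "dept",
}
REQUIRED = ("SSO ID", "Username / Email")  # the minimum this page requires

# Constructed sample AttributeStatement (not captured from a real IdP).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="uid"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>reader@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="groups">
    <saml:AttributeValue>Support</saml:AttributeValue>
    <saml:AttributeValue>Internal</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(xml_text):
    """Return {attribute Name: [non-empty values]} from an AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_mapping(xml_text, mapping=MAPPING, required=REQUIRED):
    """Resolve each mapped field; list required fields that would arrive empty."""
    attrs = read_attributes(xml_text)
    resolved = {field: attrs.get(name, []) for field, name in mapping.items()}
    missing = [field for field in required if not resolved[field]]
    # Attributes the IdP releases that no direct mapping consumes (often a naming mismatch).
    unmapped = sorted(set(attrs) - set(mapping.values()))
    return resolved, missing, unmapped
```

A non-empty `missing` list means a required field would arrive empty under this map, and a name in `unmapped` that resembles a mapped one (for example `mail` versus `email`) usually points to the mismatch.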