SAML attribute map

Once you have the SP info added to your IdP, the IdP info and certificate added to KnowledgeOwl, and have enabled SAML SSO, you'll need to map SAML attributes. This allows KnowledgeOwl to properly create / update readers in your account when they log in, and ensures they see the correct content when they do.

Use the SAML attribute map to directly map an attribute coming from your IdP to an existing KnowledgeOwl field. This works well for one-to-one fields like your reader's email address, first name, and last name, or arrays of products or departments that might become reader groups in KnowledgeOwl.

To add these mappings:

  1. Go to Security and access > Single sign-on.
  2. Open the SAML attribute map tab.
  3. For each attribute you would like mapped between your IdP and KnowledgeOwl, add the name of the attribute field as it appears in your IdP into the corresponding field in the map.

    Minimum required info
    You must map a unique ID (SSO ID) and an email address. The reader's email address can be used as both the SSO ID and their email address.

  4. If you cannot use a direct mapping like this, consider using Custom attribute map rules instead. SAML attribute mappings always overwrite custom attribute mappings. If you're using custom attribute map rules to set the value for a field, you should leave the SAML Attribute map blank for that field.
  5. Save your map.

Here's a sample Direct Attribute mapping:

[Image: Sample SAML attribute map, with values entered for Username / email, First name, Last name, Reader groups, and Custom field 1.]

This will map the incoming values from my IdP:

  1. The IdP uid attribute will be entered into the KnowledgeOwl SSO ID field.
  2. The IdP email attribute will be entered into the KnowledgeOwl Username / Email field.
  3. The IdP firstName attribute will be entered into the KnowledgeOwl First Name field.
  4. The IdP lastName attribute will be entered into the KnowledgeOwl Last Name field.
  5. The IdP products attribute will be entered into the KnowledgeOwl Reader Groups field.
  6. The IdP company attribute will be entered into the KnowledgeOwl Custom Field 1 field.

Refer to Create a reader for more information on what these reader fields mean and where you can see them.
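
As an added example (not KnowledgeOwl code), this script applies the sample map above to a constructed SAML AttributeStatement to check that the required SSO ID and email attributes arrive under the names entered in the map. The `check_map` helper, the sample values, the `department` attribute and the exact name comparison are assumptions of this example, and it does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# KnowledgeOwl field -> IdP attribute name, as in the sample map on this page.
ATTRIBUTE_MAP = {
    "SSO ID": "uid",
    "Username / Email": "email",
    "First Name": "firstName",
    "Last Name": "lastName",
    "Reader Groups": "products",
    "Custom Field 1": "company",
}
REQUIRED = ("SSO ID", "Username / Email")  # minimum required info

# Constructed AttributeStatement, not captured from a real IdP.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}">
 <saml:Attribute Name="uid"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="products">
  <saml:AttributeValue>Widgets</saml:AttributeValue>
  <saml:AttributeValue>Gadgets</saml:AttributeValue>
 </saml:Attribute>
 <saml:Attribute Name="department"><saml:AttributeValue>Support</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def check_map(statement_xml, attribute_map=ATTRIBUTE_MAP):
    """Return (reader_fields, problems, unmapped_idp_attributes)."""
    incoming = {}
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        incoming[attr.get("Name")] = [v for v in values if v]
    reader, problems = {}, []
    for field, idp_name in attribute_map.items():
        values = incoming.get(idp_name, [])  # this script compares names exactly
        if values:
            # Multi-valued attributes stay a list only for the reader groups field.
            reader[field] = values if field == "Reader Groups" else values[0]
        elif field in REQUIRED:
            problems.append(f"{field}: IdP attribute '{idp_name}' missing or empty")
    # Attributes the IdP sends that no map entry consumes.
    unmapped = sorted(set(incoming) - set(attribute_map.values()))
    return reader, problems, unmapped


if __name__ == "__main__":
    print(*check_map(SAMPLE), sep="\n")
```

An empty `problems` list means both required fields resolved; an entry in `unmapped` that resembles a mapped name usually points to a spelling or case difference between the IdP and the map.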