Your metadata file must provide these authentication attributes:
- Entity ID: Also referred to as the "issuer," this is the unique ID included in all SAML messages sent from your authentication server.
- Certificate: An authentication certificate saved in .pem format.
- Redirect URL: The URL of your organization's web-based authentication page.
The metadata file should also identify the user attributes that will be included in SAML assertions sent from your authentication server. When a user is authenticated, Apperian uses attributes in the assertion to locate the user in the Apperian database and log the user in to the App Catalog. If the user is not already listed in the database, a new user account is created for the user (this is called "auto-provisioning").
Your SAML assertions must include the following user attributes:
- First Name
- Last Name
- Email Address and/or User
During auto-provisioning, the User attribute sets the value for "User ID," which is a unique identifier for the user in the Apperian database. If you do not provide the User attribute, Apperian uses Email Address for both the "Email Address" and "User ID" parameters in the database. The User attribute must be 200 characters or less, and cannot include spaces. Valid characters include:
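As an added example (not Apperian's own code), a short Python check of the assertion rules described above: it pulls the attributes out of a constructed SAML assertion, enforces the First Name / Last Name / Email-and-or-User requirement, and derives the User ID the way the auto-provisioning rule describes. The attribute Name values, the sample assertion and the issuer URL are assumptions, and since the list of valid characters is not given on this page the check only enforces the length and no-spaces rules.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
USER_ID_MAX_LEN = 200
# Attribute Name values are assumed for this example; Apperian's exact names are not given here.
FIRST, LAST, EMAIL, USER = "FirstName", "LastName", "Email", "User"

# Constructed sample assertion (issuer and values are made up) with no User attribute.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_attributes(assertion_xml: str) -> dict:
    """Return {Name: first non-empty AttributeValue} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        if value is not None and value.text and value.text.strip():
            attrs[attr.get("Name")] = value.text.strip()
    return attrs

def user_id_problem(user: str):
    """Return a message if the User attribute breaks the stated rules, else None."""
    if len(user) > USER_ID_MAX_LEN:
        return f"{USER} must be {USER_ID_MAX_LEN} characters or less"
    if any(ch.isspace() for ch in user):
        return f"{USER} cannot include spaces"
    return None  # the page's list of valid characters is not available, so nothing more is checked

def provisioning_identity(attrs: dict) -> dict:
    """Apply the auto-provisioning rules: required names, Email and/or User, User ID derivation."""
    missing = [name for name in (FIRST, LAST) if name not in attrs]
    if EMAIL not in attrs and USER not in attrs:
        missing.append(f"{EMAIL} and/or {USER}")
    if missing:
        raise ValueError(f"assertion lacks required attributes: {missing}")
    user = attrs.get(USER)
    if user is not None:
        problem = user_id_problem(user)
        if problem:
            raise ValueError(problem)
        user_id = user
    else:
        user_id = attrs[EMAIL]  # no User attribute: Email Address fills both database fields
    return {"first_name": attrs[FIRST], "last_name": attrs[LAST],
            "email": attrs.get(EMAIL), "user_id": user_id}
```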