For each user account that will be logging in using SAML authentication, you must associate the person with his/her Distinguished Name.
When configuring SAML authentication, the Authentication attributes field in Suite Manager is used to identify the SAML attribute (as it relates to LDAP) that will be mapped to Suite for user authentication.
Example 1: If you entered distinguishedName for the authentication attribute, that attribute name and its value for the authenticated user will be returned to Suite. Each user profile in Suite Manager will require his/her distinguished name (DN) to be added to the Distinguished Name field of the User tab in Suite Manager (e.g., CN=John Doe,OU=Employees,OU=Houston,DC=example,DC=com).
Example 2: If you entered userPrincipalName for the Authentication attributes field, then that attribute name and its value for the authenticated user will be sent by the IdP server to Suite. Each user profile in Suite Manager will require his/her user principal name (UPN) to be added to the Distinguished Name field of the User tab in Suite Manager (e.g., John.Doe@example.com).
When the user is authenticated by the IdP server, the specified attribute and its value will be sent by the IdP server to Suite in a SAML response. Suite then performs a lookup in the Users table (DistinguishedName column) for the value of the authentication attribute.
To assign a Distinguished Name for SAML authentication:
- Open Suite Manager.
- On the Suite Manager control panel, click on the Users/Groups component in the Security area.
- On the Users tab, select a user and click the Edit button.
- In the Distinguished Name field in the dialog box that appears, enter the value of the attribute listed in the Authentication attributes field in the Suite Manager SAML Integration tab. For example, if email is the attribute listed in the Authentication attributes field, then type the email address for the user in the Distinguished Name field.
- Click Save and close the dialog box.
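
The attribute lookup described above can be checked before rollout by comparing what the IdP sends with what is stored in each user's Distinguished Name field. The following Python is an added example, not Suite code: the sample assertion, the USERS mapping, the function names, and the exact string comparison are assumptions, since this page does not state how Suite compares values.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the AttributeStatement part of an assertion.
# No signature or condition checks here; this only tests the attribute mapping.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="distinguishedName">
      <saml:AttributeValue>CN=John Doe,OU=Employees,OU=Houston,DC=example,DC=com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="userPrincipalName">
      <saml:AttributeValue>John.Doe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed stand-in for the Users table: user -> Distinguished Name field.
USERS = {
    "jdoe": "CN=John Doe,OU=Employees,OU=Houston,DC=example,DC=com",
    "asmith": "Alice.Smith@example.com",
}

def attribute_values(assertion_xml, attr_name):
    """Return every value the assertion carries for the named attribute."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def lookup_user(assertion_xml, auth_attribute, users):
    """Return the single user whose Distinguished Name field equals the
    configured attribute's value, or None if there is no unique match."""
    values = attribute_values(assertion_xml, auth_attribute)
    if len(values) != 1:
        return None  # attribute missing or multi-valued: do not guess
    matches = [u for u, dn in users.items() if dn == values[0]]
    # Two profiles sharing one value would make the login ambiguous.
    return matches[0] if len(matches) == 1 else None
```

With distinguishedName configured, the sample resolves to jdoe; switching the configured attribute to userPrincipalName without updating the field leaves the same user unmatched.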