Supported SAML Assertions

This is a list of the assertions supported by GorillaStack for pre-populating user profiles upon sign-in.

  • All attributes have no namespace: they should be specified with the namespace attribute blank.
  • Every attribute should be a single string value; we don't have any multi-value attributes.

| Attribute | Description | First sign-in only |
|---|---|---|
| firstName | User profile First Name | Yes |
| lastName | User profile Last Name | Yes |
| phoneNumber | User profile Phone Number | Yes |
| timezone | Timezone, specified as the time zone name (as per the time zone database) | Yes |
| gsRole | A role to assign to the user | No |
| gsUserGroups | A comma-separated list of user group assignment pairs. Each pair is the name of a user group and a role separated by a colon (:), i.e. `group1:role1,group2:role2,group3:role3`. For example, `RedGroup:Member,GreenGroup:Guest` assigns the user to RedGroup with the Member role and GreenGroup with the Guest role. Note: it is taken as the full list. If a pair has changed or is omitted since the last sign-in, the user group membership will be updated or removed (respectively). | No |
| allUserGroupsRole | A role to assign to the user in every user group. Note: when defined, this attribute overrides any user group role mappings specified in the `gsUserGroups` attribute. | No |

*"First sign-in only" means that this assertion is only used on the first sign-in to populate the user profile (it isn't subsequently updated).
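
Because `gsUserGroups` is taken as the full list, an edit to the value on the IdP side can remove access as well as grant it. The following is an added example, not GorillaStack code: a pre-flight check that parses the old and new attribute values and reports which memberships the next sign-in would add, change or remove. Assumptions: the function names are hypothetical, the strict rejection of malformed or duplicate pairs is this example's choice rather than documented behaviour, and "every user group" for `allUserGroupsRole` is modelled as a caller-supplied list of the account's groups.

```python
def parse_user_groups(value):
    """Parse a gsUserGroups string 'group1:role1,group2:role2' into {group: role}."""
    mapping = {}
    for pair in (p.strip() for p in value.split(",")):
        if not pair:
            continue  # tolerate a trailing comma or an empty value
        group, _, role = (s.strip() for s in pair.partition(":"))
        # Exactly one colon, with a non-empty name on each side (example's own rule).
        if pair.count(":") != 1 or not group or not role:
            raise ValueError(f"malformed pair: {pair!r}")
        if group in mapping:
            raise ValueError(f"group listed twice: {group!r}")
        mapping[group] = role
    return mapping


def effective_roles(user_groups, all_groups_role=None, all_groups=()):
    """Return {group: role} after applying the allUserGroupsRole override, if set."""
    mapping = parse_user_groups(user_groups)
    if all_groups_role:
        # Assumption: all_groups is the account's full group list, supplied by the caller.
        return {group: all_groups_role for group in all_groups}
    return mapping


def membership_changes(previous, current):
    """Diff two {group: role} maps under the full-list rule."""
    return {
        "added": {g: r for g, r in current.items() if g not in previous},
        "changed": {g: (previous[g], r) for g, r in current.items()
                    if g in previous and previous[g] != r},
        "removed": sorted(g for g in previous if g not in current),
    }


if __name__ == "__main__":
    # Constructed sample values: what the IdP sent last time and what it will send next.
    before = effective_roles("RedGroup:Member,GreenGroup:Guest")
    after = effective_roles("RedGroup:Guest,BlueGroup:Member")
    for kind, detail in membership_changes(before, after).items():
        print(f"{kind}: {detail}")
```

Review the `removed` and `changed` entries before saving the new value on the IdP, since both take effect at the user's next sign-in.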