          Just-in-Time SAML Assertion Fields for Salesforce

          With Just-in-Time (JIT) provisioning, the identity provider sends user information to your Salesforce org in an Attributes statement in a SAML assertion. Work with your identity provider to determine which user information you want to pass to your org and to confirm that the Attributes statement is formatted correctly.

          Note: Provision Version is supported as an optional attribute. If it isn’t specified, the default is 1.0. For example:
          <saml:Attribute Name="ProvisionVersion" NameFormat=
             "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml:AttributeValue xsi:type="xs:anyType">1.0</saml:AttributeValue>
          </saml:Attribute>

          SAML Assertion Fields

          When a user logs in to an org with standard JIT provisioning enabled, Salesforce pulls user data from the identity provider and stores it in a new User object. To tell Salesforce to create this object, you must use the User. prefix for all User object fields in the SAML assertion. In this example, the User. prefix is added to the Username field name.

          <saml:Attribute 
             Name="User.Username" 
             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml:AttributeValue xsi:type="xs:anyType">testuser@123.org</saml:AttributeValue>
          </saml:Attribute>
          

          For detailed information about each User object field, see User in the Object Reference.

          For an example assertion, see the Sample SAML Assertion for Just-in-Time Provisioning section in Example SAML Assertions.

          Required User Fields

          These User fields are required in the SAML assertion.

          • Email
          • LastName
          • ProfileId
          • Username (insert only)

          A profile ID is different in each org, even for a standard profile. To make it easier to find the profile name, pass the ProfileName into the ProfileId field.

          With JIT, you can pass a new username into the User.Username field. You can also specify the User.FederationIdentifier if it’s present. However, the Username and FederationIdentifier fields can’t be updated through SOAP API or REST API.
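
The following Python check is an added example, not Salesforce code: it reads an Attributes statement and reports required User fields that are missing or sent without the User. prefix, and applies the 1.0 default for ProvisionVersion. The sample assertion, the function names, and the reading of "insert only" as "required only when creating a user" are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Required User fields from the page. "Username (insert only)" is read here as
# "required only when a new user is created" (assumption).
REQUIRED = ("Email", "LastName", "ProfileId", "Username")

# Constructed sample: ProfileId is sent without the User. prefix and no
# ProvisionVersion attribute is present. All values are made up.
SAMPLE = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="User.Username">
    <saml:AttributeValue xsi:type="xs:anyType">testuser@123.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="User.Email">
    <saml:AttributeValue xsi:type="xs:anyType">testuser@123.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="User.LastName">
    <saml:AttributeValue xsi:type="xs:anyType">Example</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="ProfileId">
    <saml:AttributeValue xsi:type="xs:anyType">Standard User</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def jit_attributes(xml_text):
    """Map each saml:Attribute Name to its first AttributeValue text."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        value = attr.find(SAML + "AttributeValue")
        text = value.text if value is not None and value.text else ""
        attrs[attr.get("Name", "")] = text.strip()
    return attrs

def check_jit(xml_text, inserting=True):
    """Report what a JIT assertion's attributes are missing (no signature check)."""
    attrs = jit_attributes(xml_text)
    user = {n[5:]: v for n, v in attrs.items() if n.startswith("User.")}
    needed = [f for f in REQUIRED if inserting or f != "Username"]
    return {
        "version": attrs.get("ProvisionVersion", "1.0"),  # page: default is 1.0
        "missing": [f for f in needed if not user.get(f)],
        # required names present but lacking the User. prefix the page requires
        "unprefixed": [f for f in REQUIRED if f in attrs],
        "user_fields": user,
    }

if __name__ == "__main__":
    print(check_jit(SAMPLE))
```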

          Optional User Fields

          These User fields are optional in the SAML assertion.

          • FirstName
          • CommunityNickname
          • FederationIdentifier
          • TimeZoneSidKey
          • LanguageLocaleKey
          • LocaleSidKey
          • EmailEncodingKey
          • DefaultCurrencyIsoCode
          • Role
          • Alias
          • Title
          • Phone
          • CompanyName
          • Active
          • AboutMe
          • Street
          • State
          • City
          • Zip
          • Country
          • ReceivesAdminInfoEmails
          • ForecastEnabled
          • CallCenter
          • Manager
          • MobilePhone
          • DelegatedApproverId
          • Department
          • Division
          • EmployeeNumber
          • Extension
          • Fax
          • ReceivesInfoEmail

          Custom User Fields

          The SAML assertion can contain custom fields with a text type. You can use only the insert and update functions with custom fields.

           