Set Up a SAML Identity Provider Mapper in Keycloak
Setting Up a SAML Identity Provider Mapper in Keycloak to map user metadata and other metadata.
You can set up a SAML 2.0 identity provider (IDP) mapper in Keycloak to map PoolParty user metadata, groups and roles. You need this mapper to match PoolParty metadata (user name, email address etc.) and information related to authorization (groups and roles) with corresponding user attributes that the SAML IDP provides.
The IDP used by your organization may store first names under the attribute givenname. PoolParty stores the first name in the attribute firstname.
To set up a SAML IDP mapper in Keycloak, refer to the Keycloak documentation.
Note
Which Mapper Type you choose and how you configure it depends on the assertions coming from your IDP. For more information, consult the Keycloak documentation.
You can choose the Mapper Type and configure the mapping.
PoolParty has the following attributes which you can map in Keycloak:
PoolParty Attribute | Keycloak Identity Provider Mapper Type | Comment |
---|---|---|
firstName | Attribute Importer, Hardcoded Attribute | |
lastName | Attribute Importer, Hardcoded Attribute | |
| | Attribute Importer, Hardcoded Attribute | |
username | Attribute Importer, Hardcoded Attribute, Username Template Importer | Usernames must be unique. |
| | Advanced Attribute to Role, Hardcoded Role, SAML Attribute to Role | Use one of the special role mappers and select one of the predefined PoolParty roles as target. |
| | SAML Attribute to Group | Use one of the special role mappers and select one of the PoolParty groups as target. |
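
Because the right mapper configuration depends on the assertions your IDP sends, it helps to compare a captured assertion with the mappings you plan to create. The following is an added example, not part of the PoolParty or Keycloak documentation: it parses a constructed AttributeStatement and reports planned mappings that cannot match. The SAML attribute names surname, sn, uid and memberOf, the group values and the mapping plan are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute part of an assertion as an IDP might send it.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="uid"><saml:AttributeValue>alovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>thesaurus-editors</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical plan: PoolParty attribute -> SAML attribute an Attribute Importer would read.
PLANNED_IMPORTS = {"firstName": "givenname", "lastName": "sn", "username": "uid"}
# Hypothetical role rule: (SAML attribute name, value) a SAML Attribute to Role mapper expects.
ROLE_RULES = [("memberOf", "thesaurus-admins")]

def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} collected from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_plan(xml_text, imports, role_rules):
    """List importer sources the IDP does not send and role rules that cannot match."""
    attrs = assertion_attributes(xml_text)
    problems = []
    for target, source in imports.items():
        if not any(attrs.get(source, [])):  # absent, or present with only empty values
            problems.append(f"{target}: assertion has no value for '{source}'")
    for name, value in role_rules:
        if value not in attrs.get(name, []):
            problems.append(f"role rule {name}={value}: no match in assertion")
    return problems

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_ASSERTION, PLANNED_IMPORTS, ROLE_RULES):
        print(problem)
```

A role rule that never matches leaves the user without the intended PoolParty role, and an importer pointed at a missing attribute leaves the target attribute empty, so both are worth catching before the mappers go live.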