Feature request: SAML-Ressources | multiple attributes that can be claimed by the SP
Concerning SAML-Ressources, SSO and Provisioning, I suggest the feature to allow multiple attributes to be send on SAML-based authentication flows.
So far, it is possible to add SAML ressources and can choose between [Email, User Name, Email prefix] as the User ID to be send on redirection to the service provider (SP).
Increasing the number of attributes, that can be claimed by the SP, would mean that more attributes could be send and synchronised in SPs User base. Therefore you don't need to manually do this or set up additional synchronisation of users to the SP user directory, which also could cause IT-security risks.
These additional attributes, I'm speaking from, are for example: phone number, department, location, and so on of an user.
Now, with a SAML-flow that supports multiple attributes to beclaimed by the SP, these attributes can be synchronised at the time the user logs in the SP application.
How would this feature benefit customers or Watchguard?
- Customers can provision Users through SAML-flow in SP application
- Customers do not need to setup additional user synchronisation - which could also cause IT-security risks
- Customers could reduce costs regarding user synchronisation management - the setup is only needed to be done for Authpoint user synchronisation
- Many other MFA-/SSO-providers offer this feature - therefore Watchguard / Authpoint could increase their competitiveness and attractiveness
Following Requirements would be necessary to implement the feature
- Watchguard adds the possibility to synchronise more attributes in its own user directory.
- Watchguard adds the possibility to send more attributes on SAML-based autentication flows.
What do you think of this?
Does any other Authpoint customer could make good use of it?