Attribute Map Settings

Table 1. Attribute Mapping Settings
User Profile Attribute	SAML Attribute
First Name	The URL or endpoint where the IdP provides the user's given name.
Last Name	The URL or endpoint where the IdP provides the user's family name or surname.
Email	The URL or endpoint where the IdP provides the user's email address.
Group	The URL or endpoint where the IdP provides the user's group memberships.
Group Name Mapping	Specifies how group names from the IdP are translated, or mapped, to the corresponding group names in ExtremeCloud IQ: Select the IdP Group, ExtremeCloud IQ Group, and Site(s) for each group name map. Select Add a group name mapping to add a new group map row. Select to delete a group map. Select and drag the row to reorder the group mappings. The first group that the user matches the rule, in the order, the process stops. Rules are enforced top down, once a user is in the first group in a rule, the Determine what action ExtremeCloud IQ should take for users that do not match a defined group name mapping: Deny user login. Allow user login and assign a default user group (select a default group). Note: When defining Group Mappings for the Operator, Monitor, Help Desk, Observer, and Installer roles you must define sites to view managed devices. Administrators have global oversight, so site-specific group mappings are ignored. Sites are ignored for Guest Management accounts. However, Guest Management accounts must be added to a Credential Distribution group to view and create guest accounts, see Add a Credential Distribution Group.