To import users into OnApp Cloud already with a number of preset properties (user role, time zone, group, etc.), the administrator of the Identity Provider adds additional attributes to their users. These attributes can be imported into or synchronized with the Server Provider (OnApp Cloud), making it possible to configure SP users in Identity Provider's system.
To import users with additional attributes, the administrator of the Identity Provider adds the required attribute(s) to users and fills them in with values from OnApp. For example, the administrator of the Identity Provider wants a user imported with a role. For this, the role attribute should be created and given a value of an OnApp role(s). The name of this parameter is entered in the Roles key field.
When a user enters OnApp Cloud through the IdP instance, the system will check whether the synchronization is enabled and then it will look for the OnApp-dedicated attributes. Keys for attributes mapping are the names of the said attributes.
Note that some attributes cannot be changed once the user is imported to OnApp cloud. These include User bucket key for all of the users and User group key for the vCloud users. If there is a mismatch between preset properties and OnApp-dedicated attributes, the user authorization will fail.
The table below lists the mandatory and optional keys for attributes mapping.
|Mandatory keys for attributes mapping|
The key that enables the import and synchronization of user attributes during every login to OnApp; third-party system users who are not yet registered in OnApp will not be created without this key.
|User bucket key|
The key to assign the user to a particular bucket under which this user will be billed.
|User email key|
The email of the user.
|User name key|
The login name of the user that cannot be changed or synchronized after creating. If this key is missing the email address will be utilized as a login name for the user.
|Optional keys for attributes mapping|
|First name key||The first name of the user.|
|Last name key||The last name of the user.|
The language in which OnApp Cloud UI will be available to the user.
Make sure that the language for this key is selected in the Locales box at the Settings > Configuration > Interface page.
|System theme key|
The default system theme that is available in OnApp. There are light and dark system themes that can be used for this key.
|Display infoboxes key||The option that enables or disables the display of infoboxes for the user.|
|Disable auto suspend key|
The option that enables or disables auto-suspending of the user.
|Suspend after key||The period of time in hours after which the user will be suspended.|
|Suspend at key||The date and time when the user will be suspended.|
|User group key|
The attribute to assign the user to a particular user group.
The key of the role attribute that will create or sync the user's role in OnApp
If an irrelevant role attribute is specified for this key, the user will be assigned to a role with no permissions.
|Time zone key||The key of the time zone with which the user will be associated.|
The SAML Authentication will work if the optional fields are left blank. Do not fill in these fields if the attributes were not added by the administrator of the Identity Provider.
An example of Attribute Mappings keys may look like the following:
- OnApp key - OnApp_Enabled
User bucket key - OnApp_Bucket
- User email key - OnApp_UserEmail
- User name key - OnApp_UserName
- First name key - OnApp_FirstName
- Last name key - OnApp_LastName
- Locale key - OnApp_Locale
- System theme key - OnApp_SystemTheme
- Display infoboxes key - OnApp_DisplayInfoboxes
- Disable auto suspend key - OnApp_DisableAutoSuspend
- Suspend after key - OnApp_SuspendAfter
- Suspend at key - OnApp_SuspendAt
- User group key - OnApp_UserGroup
- Roles key - OnApp_Roles
- Time zone key - OnApp_TimeZone
These attributes have to contain values which will be imported or synchronized with corresponding OnApp user entries. The attributes are case insensitive and belong to the following types:
- OnApp_Enabled - the boolean type with two possible values that are true or false
- OnApp_Bucket - the string type with the value corresponding to the bucket label
- OnApp_UserEmail - the string type with the value corresponding to the user email address
- OnApp_UserName - the string type with the value corresponding to the username
- OnApp_FirstName - the string type with the value corresponding to the user first name
- OnApp_LastName - the string type with the value corresponding to the user last name
- OnApp_Locale - the string type with the value corresponding to the language label
- OnApp_SystemTheme - the string type with the value corresponding to one of the available system theme labels that are dark or light
- OnApp_DisplayInfoboxes - the boolean type with two possible values that are true or false
- OnApp_DisableAutoSuspend - the boolean type with two possible values that are true or false
- OnApp_SuspendAfter - the integer type with the value corresponding to the number of hours after which the user will be suspended
- OnApp_SuspendAt - the datetime type with the value corresponding to the date when the user will be suspended
- OnApp_UserGroup - the string type with the value corresponding to the user group label
- OnApp_Roles - the string type with the value corresponding to the role label that may contain several values separated by a semicolon
- OnApp_TimeZone - the string type with the value corresponding to the time zone label
"OnApp_Enabled" => "TRUE" / "false", "OnApp_Bucket" => "somebucket", "OnApp_UserEmail" => "someemail", "OnApp_UserName" => "somename", "OnApp_FirstName" => "Somefirstname", "OnApp_LastName" => "Somelastname", "OnApp_Locale" => "en", "OnApp_SystemTheme" => "light", "OnApp_DisplayInfoboxes" => "TRUE" / "false", "OnApp_DisableAutoSuspend" => "TRUE" / "false", "OnApp_SuspendAfter" => "90", "OnApp_SuspendAt" => "2017-10-19 13:10:00", "OnApp_UserGroup" => "Test user group" "OnApp_Roles" => "Administrator";"Advanced user", "OnApp_TimeZone" => "Baghdad"