Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  1. Fotoware Alto
    • End-User Manual
    • User Guides
    • Solutions
    • Terminology
    • API Changelog
  2. Fotoware Veloz
    • Managing users and groups
    • Configuring archives
    • Configuring workflows
    • Configuring site behavior
    • Navigating and searching to find your assets
    • Working with your assets
    • Editing asset metadata
    • Uploading files
    • Version Control in Fotoware
    • Albums - Creating and sharing collections
    • Placing assets in a CMS
    • Working with the Fotoware Pro interface
    • Using the Fotoware plugins
    • Consent management
    • User guide to FotoWeb for iPad (Legacy)
    • Picture conferencing with FotoWeb Screens (Legacy)
    • What's what in Fotoware
    • GDPR
    • Fotoware Veloz releases
    • Activity Exports
    • Example workflows
  3. Fotostation
    • Getting started with Fotostation
    • Viewing, selecting and sorting files
    • Managing your assets with archives
    • Adding metadata to assets
    • Searching for assets
    • Working with your assets
    • Version Control in Fotostation
    • Automating tasks with Actions
    • Configuring metadata fields and editors
    • Configuring Fotostation
    • Configuring Fotostation for multi-user environments
    • Troubleshooting Fotostation
  4. Fotoware Flow
    • What is Flow?
    • Getting started
    • Flow dictionary
  5. Fotoware On-Premises
    • Getting started
    • Index Manager
    • FotoWeb
    • Color Factory
    • Connect
    • Operations Center Guide
  6. Integrations and APIs (Fotoware Veloz & On-Premises)
    • The Fotoware API
    • Creating integrations using embeddable widgets
    • Authorizing applications using OAuth
    • Auto-tagging
    • FotoWeb Drag and Drop export
    • Integration using webhooks
    • Optimizely and Episerver plugin documentation
    • User Interface Integrations
  7. Fotoware Mobile
    • User guide for Fotoware Mobile for iPhone and Android
    • User guide to FotoWeb for iPad (Legacy)
    • User guide to FotoWeb for iPhone and Android (Legacy)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

Support

Table of Contents

Default properties in FotoWeb Synchronizing additional properties Attributes with multiple values Group membership mapping Address mapping Important points to note
  • Home
  • Fotoware On-Premises
  • FotoWeb
  • Managing users and groups (On-Premises)
  • Configuring authentication providers and single sign-on in FotoWare (On-Premises)
  • SAML Authentication (On-Premises)

SAML - FotoWeb attribute mapping

How to configure mapping of attributes sent from an Identity Provider (IdP) to FotoWeb for importing users via SAML.

02. June 2025

Elaine Foley

Table of Contents

Default properties in FotoWeb Synchronizing additional properties Attributes with multiple values Group membership mapping Address mapping Important points to note

Where to configure: From the Tools menu (cogwheel icon) go to Site Configuration > Security > Single Sign-on.

When setting up FotoWeb with SAML SSO, you can define attributes on the Identity Provider (IdP) that are synchronized to FotoWeb when a user is imported.

Such attributes can, for instance, include:

  • Group membership
  • Address information mapped to corresponding FotoWeb user information fields
  • User initials
  • Phone numbers, and so on.

Tip: The Managing Groups using SAML topic explains how to transfer group membership, with an example using ADFS. However, the procedure for doing so is quite similar whether using ADFS or another provider.

Default properties in FotoWeb

Four properties are default and required when integrating FotoWeb with an IdP using SAML:

E-mail, First Name, Last Name and Username.

The names of these properties can be changed in FotoWeb to accommodate, for example, an IdP that cannot modify the name of its outgoing attributes for the corresponding fields.

Example: If the IdP always sends the username as an attribute named uid, change the FotoWeb SAML Property Name for Username to uid to match that of the IdP. Remember that SAML property names may be case sensitive.

Tip: The SAML Property Name seen above is often referred to as SAML Attribute Name in many IdP setups.

Additional attributes can also be set as required as needed. When an attribute is required, a user will not be able to log in if the identity provider does not set the attribute.

Synchronizing additional properties

Additional properties synchronized via SAML can be mapped to FotoWeb user information fields. Choose the FotoWeb field using the drop-down list and enter the corresponding SAML attribute that the IdP delivers.

Attributes with multiple values

When setting up attributes, IdPs have different ways to transfer attributes with multiple values. FotoWeb supports multiple values for group memberships and address information, attributes that often comprise more than a single value.

For example, an IdP may transfer group membership as a single attribute that translates to a single SAML property mapping in FotoWeb - this 1-1 relationship means that a single group in the IdP translates to a single group in FotoWeb associated with the SAML property.

However, it's more typical for an IdP to transfer multiple group memberships. These can be transferred as a comma or semicolon-separated list, or as an array. You can set the format of the attribute's values in the Type column (see the example screenshot above), and choose between Single (1-1 mapping) or List, where you can choose between comma separation, semicolon separation, or Multi, meaning an array.

Group membership mapping

To synchronize groups from the IdP to FotoWeb, choose the Member of (Groups) entry from the FotoWeb user information field drop drop-down list then enter the corresponding SAML attribute it should be mapped to. With an ADFS integration, the default name of the SAML attribute is groups, but different IdPs may use different attribute names.

Next, choose the format of the group membership values from the IdP, Single, or List.

Important distinction: While the group mapping described above refers to linked groups, it's also possible to create default groups in FotoWeb in which all users who are imported via SAML are placed. Since having default groups means that anyone who authenticates via SAML can access FotoWeb, we recommend disabling all default groups if you're enforcing strict access control to FotoWeb.

Address mapping

An address information attribute from the IdP can also contain multiple values. By choosing List as the type, each attribute value will be added as an individual street address line.

Important points to note

  • When the IdP sends an attribute, that attribute is always updated when a user logs in via SAML.
  • If there is no SAML attribute mapping to a FotoWeb field or custom property, or if the attribute is not required and the IdP does not send it, then any existing Fotoware user data is not overwritten. This allows additional user data to be entered in the Fotoware user management module, for example, without risking it being overwritten.
 
 
saml mapping

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Indexing PDF documents
  • Selecting metadata to log
  • Defining metadata requirements for uploaded assets
eco-lighthouse-miljøfyrtårn

Company

  • About us
  • Resellers
  • Careers
  • Contact us

Help & support

  • Support center
  • Consultancy
  • Tech partners
  • Fotostation
  • System status

Trust Center

  • Legal
  • Security
  • Sustainability & ESG

Locations

Fotoware AS (HQ)
Tollbugata 35
0157 OSLO
Norway
FotoWare Switzerland AG
Industriestrasse 25
5033 Buchs (AG)
Switzerland

Copyright 2025 Fotoware All rights reserved.

  • Terms of service
  • Privacy policy
  • Cookie policy

Knowledge Base Software powered by Helpjuice

Expand