Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  1. Fotoware Alto
    • 11.14 Schreckhorn
    • Terminology
    • Solutions
    • User Guide - Deutsch
    • User Guide - English
    • API Changelog
  2. Fotoware Veloz
    • Managing users and groups
    • Configuring archives
    • Configuring workflows
    • Configuring site behavior
    • Navigating and searching to find your assets
    • Working with your assets
    • Editing asset metadata
    • Uploading files
    • Version Control in Fotoware
    • Albums - Creating and sharing collections
    • Placing assets in a CMS
    • Working with the Fotoware Pro interface
    • Using the Fotoware plugins
    • Consent management
    • User guide to FotoWeb for iPad (Legacy)
    • Picture conferencing with FotoWeb Screens (Legacy)
    • What's what in Fotoware
    • GDPR
    • Fotoware Veloz releases
    • Activity Exports
    • Fotoware Example Workflows
  3. Fotostation
    • Getting started with Fotostation
    • Viewing, selecting and sorting files
    • Managing your assets with archives
    • Adding metadata to assets
    • Searching for assets
    • Working with your assets
    • Version Control in Fotostation
    • Automating tasks with Actions
    • Configuring metadata fields and editors
    • Configuring Fotostation
    • Configuring Fotostation for multi-user environments
    • Troubleshooting Fotostation
  4. Fotoware Flow
    • What is Flow?
    • Getting started
    • Flow dictionary
  5. Fotoware On-Premises
    • Getting started
    • Index Manager
    • FotoWeb
    • Color Factory
    • Connect
    • Operations Center Guide
  6. Integrations and APIs
    • The Fotoware API
    • Creating integrations using embeddable widgets
    • Authorizing applications using OAuth
    • Auto-tagging
    • FotoWeb Drag and Drop export
    • Integration using webhooks
    • Optimizely and Episerver plugin documentation
    • User Interface Integrations
  7. Fotoware Mobile
    • User guide for Fotoware Mobile for iPhone and Android
    • User guide to FotoWeb for iPad (Legacy)
    • User guide to FotoWeb for iPhone and Android (Legacy)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Support

Table of Contents

Default properties in Fotoware Synchronizing additional properties Attributes with multiple values Group membership mapping Address mapping Note
  • Home
  • Fotoware Veloz
  • Managing users and groups
  • Configuring authentication providers and single sign-on in Fotoware
  • SAML authentication

SAML - Fotoware Attribute Mapping

How to configure mapping of attributes sent from an Identity Provider (IdP) to FotoWeb for importing users via SAML.

11. April 2025

Elaine Foley

Table of Contents

Default properties in Fotoware Synchronizing additional properties Attributes with multiple values Group membership mapping Address mapping Note

Where to configure: Go to Site Configuration > Security > Single Sign-on. 

When setting up Fotoware with SAML SSO, you can define attributes on the Identity Provider (IdP) that are synchronized to Fotoware when a user is imported.

Such attributes can include, for instance:

  • Group membership
  • Address information mapped to corresponding Fotoware user information fields
  • User initials
  • Phone numbers, and so on.

Tip: The Managing Groups using SAML topic explains how to transfer group membership, with an example using ADFS. The procedure for transferring group membership is quite similar for all providers.

Default properties in Fotoware

Four properties are default and required when integrating Fotoware with an IdP using SAML: E-mail, First Name, Last Name, and Username.

The names of these properties can be changed in Fotoware to accommodate, for example, an IdP that cannot modify the name of its outgoing attributes for the corresponding fields.

Example: If the IdP always sends the username as an attribute named uid, change the Fotoware SAML Property Name for Username to uid to match that of the IdP. Remember that SAML property names may be case-sensitive.

Tip: The SAML Property Nameseen above is often referred to as SAML Attribute Namein many IdP setups.

Additional attributes can also be set as required as needed. When an attribute is required, a user will not be able to log in if the identity provider does not set the attribute.

Synchronizing additional properties

Additional properties synchronized via SAML can be mapped to Fotoware user information fields. Choose the Fotoware field using the drop-down list and enter the corresponding SAML attribute that the IdP delivers.

Attributes with multiple values

When setting up attributes, IdPs have different ways to transfer attributes with multiple values. Fotoware supports multiple values for group memberships and address information, attributes that often comprise more than a single value.

For example, an IdP may transfer group membership as a single attribute that translates to a single SAML property mapping in Fotoware - this 1-1 relationship means that a single group in the IdP translates to a single group in Fotoware associated with the SAML property.

However, it's more typical for an IdP to transfer multiple group memberships. These can be transferred as a comma or semicolon-separated list, or as an array. You can set the format of the attribute's values in the Type column (see the screenshot above), and choose between Single (1-1 mapping) or List, where you can choose between comma separation, semicolon separation, or Multi (meaning an array).

Group membership mapping

To synchronize groups from the IdP to Fotoware, choose Member of (Groups) entry from the Fotoware user information field drop-down list and then enter the corresponding SAML attribute to map to. With an ADFS integration, the default name of the SAML attribute is groups, but different IdPs may use different attribute names.

Next, choose the format of the group membership values from the IdP, Single,or List.

Note: While the group mapping described above refers to linked groups, it's also possible to create default groups in Fotoware in which all users who are imported via SAML are placed. Since having default groups means that anyone who authenticates via SAML can access Fotoware, we recommend disabling all default groups if you're enforcing strict access control to Fotoware.

Address mapping

An address information attribute from the IdP can also contain multiple values, Select List as the type to add each attribute value as an individual street address line.

Note

  • When the IdP sends an attribute, that attribute is always updated when a user logs in via SAML.
  • If there is no SAML attribute mapping to a Fotoware field or custom property, or if the attribute is not required and the IdP does not send it, then any existing Fotoware user data is not overwritten. This allows additional user data to be entered, for example, in the Fotoware user management module, without risking it being overwritten.
mapping saml

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Managing groups using SAML
  • Setting up SAML authentication
  • Configuring authentication providers and single sign-on in Fotoware
  • Troubleshooting SAML
eco-lighthouse-miljøfyrtårn

Company

  • About us
  • Resellers
  • Careers
  • Contact us

Help & support

  • Support center
  • Consultancy
  • Tech partners
  • Fotostation
  • System status

Trust Center

  • Legal
  • Security
  • Sustainability & ESG

Locations

Fotoware AS (HQ)
Tollbugata 35
0157 OSLO
Norway
FotoWare Switzerland AG
Industriestrasse 25
5033 Buchs (AG)
Switzerland

Copyright 2025 Fotoware All rights reserved.

  • Terms of service
  • Privacy policy
  • Cookie policy

Knowledge Base Software powered by Helpjuice

Expand