UserGlobalSettings
The following parameters will provide the necessary data for all SAML tokens where the HIS and/or the LDAP directory does not have the necessary information. This helpful when there are key attributes that would be challenging to manage for all users, but are globally the same for the organization or a set of users (as defined by the NameQualifier.
It is possible to have different entries to match different NameQualifier values (or UserContextDomain) in order to accommodate environments where more than one organization, entity, or unique groups have to be supported.
- Name: This value is merely a label and should be unique if there is more than one entry.
- NameQualifier: this is the NameQualifier value that users will be matched against. For all users with the specified NameQualifier these values will be used (unless provided by the source system):
- UAO
- UAOType
- grantByDelegateMeritOnly
- IdentityProvider
- IdentityVerificationSchemeRef
- UAOIdentityVerificationSchemeRef
- DelegationVerificationSchemeRef
- CredentialVerificationSchemeRef
- ProtectedNetwork
- PrimaryFactor
- GlobalRole: This value represents a set of comma-delimited roles that will be asserted in the SAML token
- GlobalServiceEntitlement; available since version 1.8
- AuthenticationLevel; available since version 1.8
Example Configuration
<UserGlobalSettings> <UserConfig Name="PrimaryUserPopulation" NameQualifier="corporate.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="SecondaryUserPopulation" NameQualifier="rehab.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> <UserConfig Name="OncologyDepartment" NameQualifier="oncology.hospital.on.ca" UAO="2.16.840.1.113883.3.239.22" UAOType="org" grantByDelegateMeritOnly="false" IdentityProvider="2.16.840.1.113883.3.239.22.13" IdentityVerificationSchemeRef="AL2" UAOIdentityVerificationSchemeRef="AL2" DelegationManagementSchemeRef="AL2" CredentialManagementSchemeRef="AL2" ProtectedNetwork="true" PrimaryFactor="Password" CompensatingFactors="" GlobalRole="ConnectingGTA,Oncology" GlobalServiceEntitlement="MyService" AuthenticationLevel="AL2" Domain=""/> </UserGlobalSettings>