UserGlobalSettings

Revision as of 09:57, 15 January 2020 by Thewikiadmin

The following parameters provide the necessary data for all SAML tokens where the HIS and/or the LDAP directory does not have the necessary information. This is helpful when there are key attributes that would be challenging to manage for all users, but are globally the same for the organization or a set of users (as defined by the NameQualifier).

It is possible to have different entries to match different NameQualifier values (or UserContextDomain) in order to accommodate environments where more than one organization, entity, or unique groups have to be supported. 

 

Name: This value is merely a label and should be unique if there is more than one entry.

NameQualifier: This is the NameQualifier value that users will be matched against. For all users with the specified NameQualifier, these values will be used (unless provided by the source system):

UAO

UAOType

grantByDelegateMeritOnly

IdentityProvider

IdentityVerificationSchemeRef

UAOIdentityVerificationSchemeRef

DelegationVerificationSchemeRef

CredentialVerificationSchemeRef

ProtectedNetwork

PrimaryFactor

GlobalRole: This value represents a set of comma-delimited roles that will be asserted in the SAML token.

GlobalServiceEntitlement; available since version 1.8

AuthenticationLevel; available since version 1.8


 

 

Example Configuration

<UserGlobalSettings>
  <UserConfig Name="PrimaryUserPopulation"
              NameQualifier="corporate.hospital.on.ca"
              UAO="2.16.840.1.113883.3.239.22"
              UAOType="org"
              grantByDelegateMeritOnly="false"
              IdentityProvider="2.16.840.1.113883.3.239.22.13"
              IdentityVerificationSchemeRef="AL2"
              UAOIdentityVerificationSchemeRef="AL2"
              DelegationManagementSchemeRef="AL2"
              CredentialManagementSchemeRef="AL2"
              ProtectedNetwork="true"
              PrimaryFactor="Password"
              CompensatingFactors=""
              GlobalRole=""
              GlobalServiceEntitlement="MyService"
              AuthenticationLevel="AL2"
              Domain=""/>
  <UserConfig Name="SecondaryUserPopulation"
              NameQualifier="rehab.hospital.on.ca"
              UAO="2.16.840.1.113883.3.239.22"
              UAOType="org"
              grantByDelegateMeritOnly="false"
              IdentityProvider="2.16.840.1.113883.3.239.22.13"
              IdentityVerificationSchemeRef="AL2"
              UAOIdentityVerificationSchemeRef="AL2"
              DelegationManagementSchemeRef="AL2"
              CredentialManagementSchemeRef="AL2"
              ProtectedNetwork="true"
              PrimaryFactor="Password"
              CompensatingFactors=""
              GlobalRole="ConnectingGTA"
              GlobalServiceEntitlement="MyService"
              AuthenticationLevel="AL2"
              Domain=""/>
  <UserConfig Name="OncologyDepartment"
              NameQualifier="oncology.hospital.on.ca"
              UAO="2.16.840.1.113883.3.239.22"
              UAOType="org"
              grantByDelegateMeritOnly="false"
              IdentityProvider="2.16.840.1.113883.3.239.22.13"
              IdentityVerificationSchemeRef="AL2"
              UAOIdentityVerificationSchemeRef="AL2"
              DelegationManagementSchemeRef="AL2"
              CredentialManagementSchemeRef="AL2"
              ProtectedNetwork="true"
              PrimaryFactor="Password"
              CompensatingFactors=""
              GlobalRole="ConnectingGTA,Oncology"
              GlobalServiceEntitlement="MyService"
              AuthenticationLevel="AL2"
              Domain=""/>
</UserGlobalSettings>
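Because every value in a UserConfig entry is asserted for a whole user population, it is worth reviewing the file before deployment. The following is an added example, not part of the product or the original page: a small Python audit that lists the roles each NameQualifier asserts globally, flags repeated Name and NameQualifier values, and previews the merge in which source-system values override global ones. Assumptions: exact case-sensitive NameQualifier matching, first matching entry wins, an empty attribute means no default, and the source value "Token" in the demo is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two entries shortened from the example configuration above.
SAMPLE = """<UserGlobalSettings>
  <UserConfig Name="PrimaryUserPopulation" NameQualifier="corporate.hospital.on.ca"
              PrimaryFactor="Password" GlobalRole="" AuthenticationLevel="AL2"/>
  <UserConfig Name="OncologyDepartment" NameQualifier="oncology.hospital.on.ca"
              PrimaryFactor="Password" GlobalRole="ConnectingGTA,Oncology"
              AuthenticationLevel="AL2"/>
</UserGlobalSettings>"""

def load_entries(xml_text):
    """Return each UserConfig element as a plain attribute dict."""
    return [dict(e.attrib) for e in ET.fromstring(xml_text).iter("UserConfig")]

def lint(entries):
    """Report repeated Name labels and NameQualifier values claimed by two entries."""
    problems = []
    for key in ("Name", "NameQualifier"):
        seen = set()
        for entry in entries:
            value = entry.get(key, "")
            if value in seen:
                problems.append(f"duplicate {key}: {value!r}")
            seen.add(value)
    return problems

def blanket_roles(entries):
    """Map each NameQualifier to the roles asserted for every user it matches."""
    return {e.get("NameQualifier", ""):
            [r.strip() for r in e.get("GlobalRole", "").split(",") if r.strip()]
            for e in entries}

def effective_attributes(entries, name_qualifier, source_attrs):
    """Global values fill gaps only; values from the source system take precedence."""
    # Assumption: exact, case-sensitive match, first matching entry wins.
    match = next((e for e in entries if e.get("NameQualifier") == name_qualifier), {})
    # Assumption: an empty attribute value means "no global default".
    defaults = {k: v for k, v in match.items()
                if k not in ("Name", "NameQualifier") and v}
    return {**defaults, **source_attrs}

if __name__ == "__main__":
    entries = load_entries(SAMPLE)
    print(lint(entries) or "no duplicates")
    print(blanket_roles(entries))
    print(effective_attributes(entries, "oncology.hospital.on.ca", {"PrimaryFactor": "Token"}))
```
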