Use a SAML Affiliation to Locate a User Record (Optional)

An affiliation is a group of Service Providers. Grouping Service Providers enables them to establish a link across the federated network, such that a relationship with one member of an affiliation establishes a relationship with all members of the affiliation.

All Service Providers in an affiliation share the same name identifier for a single principal. If one Identity Provider authenticates a user and assigns that user an ID, all members of the affiliation will use that same name ID, thereby reducing the configuration required at each Service Provider. Additionally, using one name ID for a principal saves storage space at the Identity Provider.

If you select an affiliation and also use the optional Xpath query and search specification for user disambiguation, those options are defined as part of the affiliation itself, not as part of the authentication scheme.

Note: An affiliation has to be defined before you can select it.

To select an affiliation

  1. From the Authentication Scheme Properties dialog box, click Additional Configuration.

    The SAML 2.0 Auth Scheme Properties dialog box opens.

  2. Select the Users tab.
  3. In the SAML Affiliation drop-down field, select a pre-defined affiliation name. These affiliations are configured at the Identity Provider.

If you select an affiliation, the Xpath Query and Search Specification fields are disabled.
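
How a Service Provider in an affiliation might use the shared name ID to locate a user record, as an added example rather than code from CA or the product: it applies an XPath query to an assertion, accepts the name ID only when its SPNameQualifier names this Service Provider or its affiliation, and escapes the value before substituting it into the search specification. The entity IDs, the XPath query, the `(uid=%s)` search specification and the assertion are constructed assumptions, and the assertion's signature is assumed to have been validated already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample values (assumptions, not taken from the product).
OWN_ENTITY_ID = "https://sp1.example.com"
AFFILIATION_ID = "https://affiliation.example.com"
XPATH_QUERY = "./saml:Subject/saml:NameID"   # assumed XPath query
SEARCH_SPEC = "(uid=%s)"                      # assumed LDAP search specification

# Constructed assertion; signature validation is assumed to be done elsewhere.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                 SPNameQualifier="https://affiliation.example.com">smith*(ops)</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def escape_ldap(value):
    """Escape RFC 4515 filter metacharacters so the name ID stays a literal."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_user_filter(assertion_xml, accepted_qualifiers):
    """Return the directory filter for the principal named in the assertion."""
    root = ET.fromstring(assertion_xml)
    matches = root.findall(XPATH_QUERY, NS)
    if len(matches) != 1:
        raise ValueError("expected exactly one NameID, found %d" % len(matches))
    name_id = matches[0]
    # A name ID scoped to another provider or affiliation must not be mapped
    # to a local user. An absent qualifier is rejected by this check as well.
    qualifier = name_id.get("SPNameQualifier")
    if qualifier not in accepted_qualifiers:
        raise ValueError("NameID is scoped to %r" % qualifier)
    value = (name_id.text or "").strip()
    if not value:
        raise ValueError("empty NameID")
    return SEARCH_SPEC % escape_ldap(value)


if __name__ == "__main__":
    print(build_user_filter(ASSERTION, {OWN_ENTITY_ID, AFFILIATION_ID}))
```
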

More Information:

Configure SAML 2.0 Affiliations At the Identity Provider


Copyright © 2010 CA. All rights reserved.