

Use a SAML Affiliation to Locate a User Record (Optional)

An affiliation is a group of Service Providers. Grouping Service Providers enables them to establish a link across the federated network, such that a relationship with one member of an affiliation establishes a relationship with all members of the affiliation.

All Service Providers in an affiliation share the same name identifier for a single principal. If one Identity Provider authenticates a user and assigns that user an ID, all members of the affiliation use that same name ID, reducing the configuration required at each Service Provider. Additionally, using one name ID for a principal saves storage space at the Identity Provider.

If you select an affiliation and also choose to use the optional Xpath query and search specification for user disambiguation, these options are defined as part of the affiliation itself, not as part of the authentication scheme.

Note: You must define an affiliation before you can select it.

To select an affiliation

  1. From the Authentication Scheme Properties dialog, click Additional Configuration.

    The SAML 2.0 Auth Scheme Properties dialog opens.

  2. Select the Users tab.
  3. In the SAML Affiliation drop-down field, select a predefined affiliation name. These affiliations are configured at the Identity Provider.

If you select an affiliation, the Xpath Query and Search Specification fields are disabled.
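The following added example (not product code) sketches how a Service Provider in an affiliation can turn the shared name ID into a user-store lookup: an XPath query extracts the Subject NameID, the SPNameQualifier is checked against the affiliation ID, and the value is escaped before it is substituted into a search specification. The affiliation ID, the `(uid=%s)` search specification, and the function names are assumptions for illustration, and the assertion is a constructed, unsigned sample; signature validation and hardened XML parsing must happen before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion, trimmed to Issuer and Subject (not real traffic).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                 SPNameQualifier="https://affiliation.example.com">a9f3c*1</saml:NameID>
  </saml:Subject>
</saml:Assertion>
"""


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so a name ID cannot alter the filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def locate_user_filter(assertion_xml, affiliation_id, search_spec="(uid=%s)"):
    """Return the user-store filter for the principal, or raise ValueError.

    search_spec is a hypothetical search specification with one %s placeholder.
    """
    root = ET.fromstring(assertion_xml)
    # XPath query: the single NameID under the assertion's Subject.
    name_ids = root.findall("./saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1:
        raise ValueError("expected exactly one Subject NameID")
    name_id = name_ids[0]
    # A name ID issued to an affiliation carries the affiliation ID in
    # SPNameQualifier; reject identifiers scoped to any other provider or group.
    if name_id.get("SPNameQualifier") != affiliation_id:
        raise ValueError("NameID was not issued for this affiliation")
    value = (name_id.text or "").strip()
    if not value:
        raise ValueError("empty NameID")
    return search_spec % ldap_escape(value)
```

Because every member of the affiliation receives the same name ID, each Service Provider can run the same lookup with its own user store and search specification.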

More Information:

Configure SAML 2.0 Affiliations At the Identity Provider