*: '''Assertion Target URL''' - target site url
*: '''Assertion Private Key''' - private key to establish connection with the target site.
=====User Creation Option=====
When users need to be created on the fly after SSO authentication, the following configuration settings are available:
* '''Create New User on No Match'''– when enabled, it will create new user when no matching is found and will allow login for new user upon successful authentication
* '''Define User Roles Through Custom Attribute'''– when enabled, it will use the SSO assertion “Roles” attribute to define users’ system roles.
* '''Default User Role When No Matching Role Found'''– selected role from this dropdown will be assigned to new created users only if “Roles” attribute in the assertion is empty, excluded or if the role name value does not match any existing role in your SmartSimple instance.
* '''Default New User Status'''– assigned user’s status for new users only
* '''Create New Organization When No Match Found'''– when enabled, it will create a new parent organization when no matching organization exists your SmartSimple instance.
* '''Default Organization'''– assigned user’s parent organization for new users
* '''Default New Organization Status'''– assigned parent organization’s status for new organizations
=====Role Mapping=====
=====User Creation Option=====<!--Ticket#124791 - SSO to update roles for existing users for a fully federated SSO-->Apply Role Mapping to new and existing users to control user roles within your SmartSimple system. Define the list of system roles you wish to be monitored upon each SSO authentication by a user. With external role mapping enabled, a user's roles within the system will be adjusted according to the role attributes explicitly provided by the assertion. Based upon the role mapping below, the user will be provisioned with all the roles as defined by the assertion attributes, and will also be stripped of any roles that they may currently possess that are listed in this setting but were not defined in the assertion attributes system. * '''Roles to be Monitored '''– define the list of system roles you wish to be monitored upon each SSO authentication by a user* '''Mapping '''– map all roles indicated above to the external role name from the client Identity Provider service Detailed expected behaviour of this settings can be found in Section 4
=====Multi Environment Support (MES)=====
<!--Ticket# 134892 - Service Provider initiated Single Sign On (SP-initiated SSO)-->
====Optional Attibutes====
The following optional attributes can be used in the assertion. Please note that they are case sensitive and should be labelled exactly.