• After testing the configuration, Map your application attributes with the Identity Provider (IdP) attributes.

• From the left-hand menu of the miniOrange ASP.NET SAML SSO Middleware, click on Attribute/Role Mapping tab as shown in the image.
• Map the required IdP attributes (such as Username, Email, Firstname, and Lastname) received in the SAML Response to their corresponding fields.

• Note: All the mapped attributes will be stored in the session so that you can access them in your application.
• Once the attributes are mapped, click Save Attribute Mapping to apply changes.

Custom Attribute Mapping

• If you want to pass additional attributes from your IdP, enter the Attribute Name and corresponding Attribute Value under Custom Attribute Mapping.
• From the Attribute Value (Claim) dropdown, select one of the claims you received in the Test Configuration results. For example: NameID.
• These claims correspond to the attributes sent by your Identity Provider (IdP).

• These claims correspond to the attributes sent by your Identity Provider (IdP).

• In the Attribute Name field, enter the name of the attribute as you want it to appear or be used in your .NET application.
• You can add multiple mappings if your application requires multiple attributes by clicking on the + button.
• After defining all the required mappings, click on Save Attribute Mapping to store the configuration.

• The plugin will now translate the incoming SSO claims from your Identity Provider (IdP) into the custom attribute names defined here.

Role Mapping

• In the Role Mapping section , enter the Group Attribute Name exactly as configured in your Identity Provider to fetch the user group information.
• Enter the Role Name received from the Identity Provider and map it to the appropriate Role Vaue field. In the Role Value field, enter the roles defined in your .NET application.
• For example: Map the IdP group Group1 or Group10 received under the UserGroups attribute to the corresponding role configured in your .NET application.
• After adding the required mappings, click on Save Role Mapping to save the configuration successfully.

Domain Restriction

• This feature can be used to restrict user access to the site based on the domain of their mapped “Email“ Attribute.
• In the Email Attribute field, enter the attribute name that contains the user's email address as received from your Identity Provider (IdP).

• In the Domain Name field, enter the domain(s) you want to allow or restrict, separated by commas if adding multiple domains.
• Enable the Restrict toggle based on your requirement to configure blacklist or whitelist access.
• After completing the configuration, click on Save Domains to save the settings successfully.