SAML Attributes - Digital-Platform-Services/My-NS-Account GitHub Wiki
The following attributes will be a part of all SAML user authentication responses.
| Attribute | Descripton |
|---|---|
| NameID | While not appearing as an attribute but rather as an element on its own, the NameID is the unique identifier (GUID) for user for that particular RP. The GUID generated for each user of My NS Account is 256 bits long and returned in a hexadecimal representation of 64 digits. Some examples: da157689be4d5c95d3a15aaf0dd60acf2657b0c33aa9dc7b8f2fc817dd2412ef |
| firstName | User’s First Name. |
| lastName | User’s Last Name. |
| editProfileUrl | The URL where a user may find and edit their profile information. For public citizens, this is the My NS Account User Profile page. For Internal users, this points to Microsoft Delve. Much of this information is not updatable. |
| roles | (Optional) If a group was created for your RP in the My NS Account Identity Manager (IDM), the ‘role’ value that is optionally defined will be passed through. This is a freeform text field of at most 64 characters. |
| middleName | (Optional) User’s Middle Name. |
| Confirmed Email address of the user. |
The following attributes will be a part of all Province of Nova Scotia (NS Health and Government of Nova Scotia) SAML user authentication responses.
| Attribute | Descripton |
|---|---|
| MemberOf | (Optional) A list of Active Directory group names to which the users belongs. These groups need to be set up under the NSAuth Active Directory application group. |
Other Attributes may be pulled from Active Directory as required under the Privacy Impact Assessment (PIA) of your application.