Create attribute map

Before creating the custom IDP in Identity Cloud, you need to create an attribute map. The attribute map is a simple list of key-value pairs that specifies what pieces of data should be routed to Identity Cloud from the IDP.

Your attribute map will look something like this:

"/email": "/email",
"/verifiedEmail": "/email_verified",
"/displayName": "/username",
"/name/givenName": "/first_name",
"/name/familyName": "/last_name"

For each data mapping, the Identity Cloud attribute is the key on the left, and the IDP attribute is the value on the right:

Identity Cloud attribute : IDP attribute
"/displayName" : "/username"

Note! The preceding backslash (/) is required on all attributes in the map.

Identity Cloud attributes

The following Identity Cloud attributes can be used in the attribute mapping:

  • /email - User email address
  • /verifiedEmail - User email address that has been verified. Notes:
    • This is not the same as the emailVerified attribute in the schema, which contains a dateTime stamp.
    • If you map a valid email address to this attribute, the emailVerified date will be populated upon initial authentication with the IDP.
    • Mapping to this attribute enables the account merge feature for this IDP.
  • /displayName - Unique username
  • /name/givenName - User first name
  • /name/familyName - User last name

You may notice these don’t exactly match the attributes in your Identity Cloud schema. That’s because you cannot map directly to schema attributes. Instead, these correspond to the standard social login mapping logic that is hidden in your flow file(s).

What if I want to map additional data to Identity Cloud? If there are unlisted attributes you want to map, please reach out to your Akamai representative. Our Professional Services team can help by adding the required mapping logic into your flow. Also note that, if you’ve worked with us in the past to add non-standard mapping logic, you may already have additional attributes you can use.

As a best practice, the following Identity Cloud attributes should be included in the map whenever this data is available from the IDP:

  • /email
  • /verifiedEmail (if the IDP provides a verified email address)
  • /displayName (used by Identity Cloud’s legacy JavaScript widget/SDK)

IDP attributes

Did you skip a step? Please go back and SELECT THE PROTOCOL to see helpful instructions here.

For more information, see Mapping Attributes in the Education Center.

Create attribute map

Type or paste your attribute map into the text area below.

See example of an attribute map