Use the Identity Provider attributes that are received from the Security Assertion Markup Language (SAML) response from the Identity Provider (IdP) as a filter criteria for authentication.

To fetch all the attributes from an IdP through the SAML response, you should perform a test connection with the IdP. After a successful test connection, the attributes are added in a new tab in the Identity Provider configuration page.

Note: Identity Provider filter is available with Zero Trust Access feature. For more information, see Zero Trust Access.
Identity Provider

You can also add attributes by selecting New from the Identity Provider Attributes section and use those attributes for Adaptive Authentication by setting it to true.

The Identity Provider Attributes are displayed with the following details:

Table 1. Location Filter Criteria form
FieldDescription
Name Attribute name that is provided by the Identity Provider.
Display Name Display Name is the detailed name that is used for the filter criteria.
Note: You can provide a readable name as a Display Name, in some cases the Display Name provided by the Identity Providers are lengthy and not readable.
Default Value Default value is used for filter criteria evaluation in case the attribute is missing in the SAML response.
Use in Adaptive Authentication Option to use the Attribute in the Adaptive Authentication.
Note: Attributes that are populated from Azure IdP have name and display name limited to characters, due to the name length of the attribute.

You can also add new attributes by selecting New in the Identity Providers Attributes section.

If the Use in Adaptive Authentication is set to true, then the selected attribute is added as filter criteria in the Generic Filter Criteria. For example, risk_score set to true. The Generic Filter Criteria page has a new filter created.