Jump to content
Welcome to our new Citrix community!

Conditional SAML attribute mapping

Ross Bender

Recommended Posts

We have a SAML integration where we need to pass different attributes (and attribute values) based on the user and the groups they are in. We are using the Netscaler as a SAML identity provider (IdP) and connecting to our Active Directory for a user repository.


How can I map different attributes in the SAML IDP Profile, or invoke a different SAML IDP Profile for different users?

Link to comment
Share on other sites



the best ways it to have in AD an attribute or a group to differentiate the user. it'seem you have it with groups.

After you create as much ldap action and policy as group. and you add the group as filter for each action.

in each action you can map the righ attribute you need.


After in the AAA or NG, you cascade your policies.


so at the end the saml profile will alway get the same index attribut but it will ne not the same according of the group.


if you need an example, ask me I can provide you this week



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...