Mapping SAML attributes in a SAML response

Information about mapping SAML attributes in a SAML response.

Supported SAML attributes

MaaS360 supports the following SAML attributes:

Key in SAML response (case insensitive) MaaS360 user interface Required
emailaddress Email Yes
location Location No
domain Domain Yes
fullname Full Name No
mobilenum Phone Number No
Creating custom SAML attributes
MaaS360 also supports custom attribute values that you can update based on the SAML response. For custom attributes, the key in the SAML payload must match the Variable Name for the custom attribute.
User attributes variable name

Example: Okta setup - SAML configurations

SAML keys

Missing or invalid mandatory parameters in the SAML response

If a mandatory parameter is missing or invalid during device enrollment, the following message is displayed:

The SAML token response is missing mandatory parameters or they are invalid. Please contact your IT administrator for further assistance. The parameters that are missing or invalid are domain, email.

At the end of the error message, the mandatory values that are missing in the SAML response are displayed. The current mandatory parameters that are supported are emailaddress and domain. From your corporate identity provider, you can change these values in the SAML response.