You can configure multiple claim transformations to the SaaS applications. Each claim consists of a set of rules where each rule has a condition which gets evaluated and the respective action for the rule runs to fetch the value for an attribute in the SAML assertion.

Configuring SAML Transformation allows you to create rules that modify their SAML assertions so that the target SAML apps have the claims they need from VMware Identity Manager.

To add claim transformations, complete the following:

  1. Navigate to Apps & Books > Applications > Web > SaaS and select New.

  2. Complete the options on the Definition tab.
  3. Complete the options on the Configuration tab.

  4. Select Advanced Properties, and scroll down to Custom Attribute Mapping.
  5. Select Add Row to configure the Custom Attribute Mapping.

    Setting Description
    Name Enter the name of the custom attribute.
    Format Select the format required by the service providers for the SAML subject format.
    Namespace Enter the namespace.
    Value Enter the Custom Attribute Mapping value.
  6. Select the SAML Transformation icon ( SAMLTransformation) if you want to configure claim transformations to the SaaS application.
  7. Select Add Transformation.
  8. Complete the options in the New SAML Transformation screen.

    Setting Description
    If user belongs to group(s) Select the user groups for which you want to define the transformation.
    and/or condition

    Define a condition that combines the group and domain membership.

    and - The current condition and the one above must be met for the configuration to be applied.

    or - The current condition or the one above must be met for the configuration to be applied.

    If user's
    1. Choose the attribute
    2. Choose any of the following conditions:
      • Equals
      • Contains
      • Starts with
      • Ends With
    3. Enter the value.

    Select Add Row, to create a nested condition.

    Then
    • Mapping Attribute : If you choose Mapping Attribute, you can enter the value of the attribute in the Value text box.
    • Replace Prefix or Suffix: If you choose to replace prefix or suffix, you can partially replace the attribute with a value either before or after.
    • Replace String: If you choose replace the string, you can replace the string with another string. Enter the name of the string that you want to find in the Find text box. Enter the name of the replace string value in the Replace with text box.
  9. Select Save.