Use custom expressions as Name ID for SAML apps
Once you enable and configure SAML SSO for your apps in Zoho Directory,
Zoho Directory will authenticate your users into those apps. During authentication, Zoho Directory will pass a value called
Name ID
to the apps. The Name ID matches user identities in Zoho Directory with user identities in the app.
Example:
Consider a user, Amelia, has an email address amelia@zylker.app and a bank account number 123******47. Let's say a banking app, BankApp, requires users to enter their account number as the username when signing in. In other words, BankApp uses 123******47 to identify Amelia instead of using amelia@zylker.app.
Normally, when SAML SSO is configured between Zoho Directory and an app, Zoho Directory will pass the email address of the users as Name ID. However, BankApp is expecting an account number, not an email address; if amelia@zylker.app is passed to BankApp as Name ID, BankApp will show an error saying that it wasn't able to find any user whose account number is amelia@zylker.app. So the admin who sets up SSO will have to configure Zoho Directory to pass the account number to BankApp as Name ID.
As the Name ID needs to be unique, most apps use the user's primary email address as Name ID. But you can also define other user
information (such as first and last names, or any custom fields
that you have created for them) as the Name ID. This can be useful in
cases where the app doesn't support email address as username, or in
apps you've developed and implemented to use non-conventional
authentication methods.
To change the Name ID for an app:
- Sign in to Zoho Directory
, then click Admin Panel in the left menu.
- Go to Applications, then click on the app you want to change the Name ID for.
- Go to Single Sign-On, then click Service Provider Details.
- Under Credential Details, you can set:
- Application Username: The field that has to be passed to the app as username.
- Name ID format: The format in which the username has to be passed.
- Click Save.
For advanced requirements, you can set the Application
Username as a custom expression constructed as a combination of multiple
fields. These expressions can be constructed using string manipulation
methods on various fields in Zoho Directory.
The custom expression must be written in the following format:
String_method(<string>,<additional_values>)
For example, an organization may have a custom-built application that
uses a combination of the user's email username and employee ID as
the username. So, a Zoho Directory user with the email address amelia@zylker.app
and an employee ID of
7469
will use amelia-7469
as the username for the custom-built application. In this case, the admin would set the
Name ID format
as
Unspecified, the
Application Username
as
Custom, and the
Expression Value
as:
String.append(String.replace(user.email,"@zylker.app","-"),user.Employee ID)
Here's how this expression works:
- String.replace will be executed first. It replaces the email domain of the user (@zylker.app) with a hyphen, converting amelia@zylker.app
to amelia-.
- String.append will be executed next, and it appends the employee ID (7469) to the end of the output we got in the previous step (amelia-). So the final
Application Username
passed to the app would be amelia-7469.
The following table lists the fields that you can use to construct these expressions, and their corresponding formats:
|
Field name
|
Format
|
|
First name
|
user.firstName
|
|
Last name
|
user.lastName
|
|
Primary email address
|
user.email
|
|
Full name
|
user.displayName
|
|
Any custom fields' information
|
user.<custom field>
Example: For a field named
Vehicle Number
, the format would be user.Vehicle Number.
|
The string methods that you can use to construct expressions are:
|
String methods
|
Expression format
|
Description
|
Example
|
|
Append
|
String.append(<string>,<string_to_be_appended>)
|
Adds <string_to_be_appended> to the end of the <string>.
|
String.append(user.firstName,user.Employee ID)
The value in the user's "Employee ID" field will be appended with the user's first name.
If a user's first name is "Amelia" and employee ID is "7469," then the value will be "Amelia7469".
|
|
Index Of
|
String.indexOf(<string>,<character>)
|
Returns the position of the first instance of the given character in the <string>.
|
String.indexOf(user.firstName,"o")
Returns the position of the first instance of the
character "o" within the user's first name. If a user's first name is
"Johnson", then the position of the first occurrence of the character
"o" will be returned, which is 2.
|
|
Replace
|
String.replace(<string>,<string_to_be_removed>,<string_to_be_placed>)
|
Replaces all occurrences of
<string_to_be_removed> in the <string> with
<string_to_be_placed>.
|
String.replace(user.firstName,"e","a")
All the occurrences of "e" will be replaced by "a".
If a user's first name is "Ellen", then all occurrences of the
character "e" in the name will be replaced by "a", giving "
Allan" as the output.
|
|
Replace First
|
String.replaceFirst(<string>,<string_to_be_removed>,<string_to_be_placed>)
|
Replaces the first occurrence of
<string_to_be_removed> in the <string> with
<string_to_be_placed>.
|
String.replaceFirst(user.firstName,"e","a")
The first occurrence of "e" will be replaced by "a". If a user's first name
is "Ellen", then the first occurrence of the character "e" in the name will be replaced by
"a", giving "Allen" as the output.
|
|
Substring
|
String.substring(<string>,<beginIndex>,<endIndex>)
|
Fetches the part of the <string> that is specified by the indexes.
|
String.substring(user.firstName,0,1)
The first and second characters from the user's
first name will be fetched. If a user's first name is "John", then the
string "Jo" will be returned.
|
|
To Lower Case
|
String.toLowerCase(<string>)
|
Converts all characters in the given string to lower case.
|
String.toLowerCase(user.firstName)
The characters in the user's first name will be
converted to lower case. If a user's first name is "John", "john" will
be returned.
|
|
To Upper Case
|
String.toUpperCase(<string>)
|
Converts all characters in the given string to upper case.
|
String.toUpperCase(user.firstName)
The characters in the user's first name will be
converted to upper case. If a user's first name is "John", then "JOHN"
will be returned.
|
|
Trim
|
String.trim(<string>)
|
Removes leading and trailing spaces in the given
string. Can be used to sanitize fields that might have typos, or strings
that were derived using other methods like substring.
|
String.trim(user.displayName)
The blank spaces, if any, will be removed. For
example, if the full name of a user is " Johnson Doe", then the space
before "Johnson" will be removed, and "Johnson Doe" will be returned.
|
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Custom field is being used in the custom Name ID attribute to provide SSO
Description You may encounter this error when you're trying to disable or delete a custom field. Reason When setting up single sign-on (SSO) for Directory apps and custom SAML apps, a value called Name ID can be passed from Zoho Directory to the ...Custom authentication with miniOrange
Prerequisites Roles required to perform this action : Organization Owner Organization Admin Configure SAML with miniOrange Sign in to the miniOrange admin console. Click Apps in the left menu, then click Add Application. In the Choose Application ...Custom authentication with CyberArk
Prerequisites Roles required to perform this action : Organization Owner Organization Admin Configure SAML with CyberArk Sign in to the CyberArk admin console. Click Web Apps under Apps in the left pane. Click Add Web Apps, then search for "Zoho". ...Add SAML custom app
General Info: The Free plan allows you to add only up to 10 non-Zoho apps. Note: Check our app directory to see if the app you need is already integrated with Zoho Directory, or request an integration. Prerequisites Permissions required to perform ...Custom authentication with Google
Prerequisites Roles required to perform this action: Organization Owner Organization Admin Custom authentication with Google Custom authentication with Google enables SAML-based single sign-on (SSO) from Google to Zoho. With SSO, you and your ...
New to Zoho LandingPage?
Zoho LandingPage Resources