Custom Attribute Mapping Support

This question asks if customers can customize how user information flows from their systems into yours during login. When someone logs in via SSO, their system sends information like name, email, department, and role. Different organizations name and structure these fields differently. The question is whether you let customers map their fields (like 'dept_code') to your fields (like 'department'), or if you force them to restructure their data to match your requirements.

Flexible attribute mapping can reduce SSO implementation time by 80% and eliminate the need for custom development work that can cost tens of thousands per integration. Without this flexibility, enterprises must either modify their identity systems (often impossible) or build custom middleware (expensive and fragile). This capability is particularly crucial in higher education and large enterprises where identity systems have evolved over decades with unique attribute names and structures.

Many platforms hard-code expected attribute names based on one standard (like SAML) without realizing enterprises often have customized implementations. Another mistake is supporting mapping for basic fields but not for complex attributes like multi-valued roles or nested group memberships. Teams also often overlook the need for attribute transformation, not just mapping - like combining first and last name fields or parsing role hierarchies.