SAML Custom Variables
Custom variables in this section of the documentation can be used to customize a variety of settings associated with Using SAML/Federated Identity when working with SAML providers.
A Boolean variable that determines whether Process Director should add any Groups from a SAML login that Process Director doesn't already have.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Automatically create new SAML groups
bp.Vars.AddSAMLGroups = true;
}
This variable consists of a list of Group names to ignore in the auto-add logic (AddSAMLGroups) on the SAML login. For example, use it if the SAML login includes an "admin" group, but you don't want a SAML login to automatically add anyone to the pre-existing "admin" group in Process Director.
Examples
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML Groups to ignore in the SAML import
List<string> IgnoreGroups = new List<string>();
IgnoreGroups.Add(@"admin");
IgnoreGroups.Add(@"Administrators");
bp.Vars.AddSAMLGroupsIgnore = IgnoreGroups;
}
OR
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML Groups to ignore in the SAML import
bp.Vars.AddSAMLGroupsIgnore = new List<string> { "admin", "Administrators" };
}
A Boolean variable that determines whether Process Director should automatically create user accounts for externally authenticated users. The default value is "true". Setting the variable to "false" will prevent the automatic creation of user accounts.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Automatically create user accounts for externally authenticated users
bp.Vars.EXT_User_AutoCreate = true;
}
A Boolean variable that determines whether the user accounts that are automatically created from external authentication should be initially set as disabled. The default value is "false". Setting the variable to "true" will initially set automatically created user accounts as disabled.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Initially set automatically created user accounts as disabled
bp.Vars.EXT_User_AutoCreateDisabled = true;
}
This variable, when set to true, enables the use of duplicate User IDs when using SAML authentication. This requires that the SAML assertion send a unique GUID or identifier for the users. The default value for this variable is false.
Please note that the use of duplicate userIDs isn't recommended.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// If set to true, duplicate UserIDs will be allowed
// when using SAML authentication
bp.Vars.fAuthSAMLAllowDuplicateUserIDs = true;
}
This variable, when set to true, will, when group membership is specified in the SAML assertion, match the group assignments of an imported user to existing groups on the Process Director installation. When activated, the following import actions will occur to accomplish the group matching:
- Users will be removed from group membership in existing groups that don't exist in the SAML assertion, with the exception of groups that do not have AuthType set to SAML.
- Users will be added to groups of which they aren't currently a member if the group exists in the SAML assertion. Users will be added to the groups, even if the group does not have AuthType set to SAML.
In other words, if a Process Director User Group exists that has the same name as a SAML group contained in the assertion, but the existing group does not have AuthType set to SAML, the user import will ensure the user is always added to, but never removed from, the existing group.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Match SAML groups with PD group membership
bp.Vars.MatchSAMLGroups = true;
}
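The add and remove rules above, modeled as a small stand-alone C# program. This is an added illustration, not Process Director or BP Logix code; `GroupSync`, `Reconcile`, the sample groups and the exact-string name comparison are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Illustrative model of the MatchSAMLGroups rules; not Process Director code.
// GroupSync, Reconcile and all sample data are hypothetical.
static class GroupSync
{
    // localGroups maps an existing group name to true when its AuthType is SAML.
    // Assumption: group names are compared as exact strings.
    public static SortedSet<string> Reconcile(
        IDictionary<string, bool> localGroups,
        IEnumerable<string> currentMembership,
        IEnumerable<string> assertionGroups)
    {
        var asserted = new HashSet<string>(assertionGroups);
        var result = new SortedSet<string>();

        foreach (var g in currentMembership)
        {
            // Removal: only from SAML-typed groups that the assertion omits.
            bool isSaml = localGroups.TryGetValue(g, out var saml) && saml;
            if (asserted.Contains(g) || !isSaml) result.Add(g);
        }

        // Addition: any existing group named in the assertion, whatever its
        // AuthType. Groups that do not exist locally are not created here.
        foreach (var g in asserted.Where(localGroups.ContainsKey)) result.Add(g);
        return result;
    }

    static void Main()
    {
        // Constructed sample: two SAML-typed groups and two local-only groups.
        var local = new Dictionary<string, bool>
        {
            ["Finance"] = true, ["HR"] = true,
            ["Administrators"] = false, ["Reviewers"] = false
        };
        var before = new[] { "HR", "Reviewers" };
        var assertion = new[] { "Finance", "Administrators", "Contractors" };

        Console.WriteLine("Before: " + string.Join(", ", before));
        Console.WriteLine("After:  " + string.Join(", ", Reconcile(local, before, assertion)));
    }
}
```

In the sample, the user loses HR (SAML-typed, absent from the assertion), keeps Reviewers, and gains both Finance and the local-only Administrators group, which later logins will not remove. Comparing local group names against the group names the identity provider sends shows which existing groups this setting can populate.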
A string variable that sets the optional Identity Provider artifact URL.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML Optional IDP URL
bp.Vars.SAML_Artifact_URL = "http://www.SAMLProviderURL.com";
}
A string variable that sets the name of the attribute containing a Custom Date.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Custom date attribute
bp.Vars.SAML_Attrib_CustomDate = "AttributeName";
}
A string variable that sets the name of the attribute containing a Custom String.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Custom string attribute
bp.Vars.SAML_Attrib_CustomString = "AttributeName";
}
A string variable that sets the name of the attribute containing a second Custom String.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Custom string 2 attribute
bp.Vars.SAML_Attrib_CustomString2 = "AttributeName";
}
This variable enables you to specify that the system will treat SAML users as if they were the Windows user type.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Treat SAML users as Windows users
bp.Vars.SAML_AuthType = User.eAuth.Windows;
}
An optional string variable that sets the ID of the SAML issuer. This ID is sometimes the same as the EntityId.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML Issuer ID attribute
bp.Vars.SAML_Issuer = "IssuerID";
}
A string variable that sets the name of the attribute containing a Custom Number.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Custom number attribute
bp.Vars.SAML_Attrib_CustomNumber = "AttributeName";
}
A string variable that sets the name of the attribute containing the User's email address.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Email attribute
bp.Vars.SAML_Attrib_Email = "AttributeName";
}
A string variable that sets the name of the attribute containing the User Groups.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// User groups attribute
bp.Vars.SAML_Attrib_Groups = "AttributeName";
}
A string variable that sets the name of the attribute containing the User GUID.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// GUID attribute
bp.Vars.SAML_Attrib_GUID = "AttributeName";
}
A string variable that sets the name of the attribute containing the UserID.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// User ID attribute
bp.Vars.SAML_Attrib_UserID = "AttributeName";
}
A string variable that sets the name of the attribute containing the UserName.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Username attribute
bp.Vars.SAML_Attrib_UserName = "AttributeName";
}
A Boolean variable that determines whether to require SAML login. Setting the value to "true" will require the SAML login. The default value is "false".
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Require SAML login
bp.Vars.SAML_Enable = true;
}
For Process Director v6.0.100 and higher, this Boolean variable determines whether to enable Azure Single Sign-Out for SAML. Setting the value to "true" will, when the user logs out of Process Director, also completely log the user off the SAML Identity Provider (Azure). The default value is "false".
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Enable SAML Single Sign-Out for Azure
bp.Vars.SAML_Enable_SLO = true;
}
A string variable that sets the optional path to the identity provider's public certificate used to validate the assertions in the SAML response.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Assertion certificate path
bp.Vars.SAML_IP_AssertionCertificate =
"https://www.certificateURL.com/path/certificate.cer";
}
A string variable that sets the optional path to the identity provider's public certificate used to validate the entire SAML response.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// IDP certificate path
bp.Vars.SAML_IP_Certificate =
"https://www.certificateURL.com/path/certificate.cer";
}
A string variable that sets the optional path to your public certificate used for SAML requests.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Certificate path
bp.Vars.SAML_My_Certificate =
"https://www.certificateURL.com/path/certificate.cer";
}
A string variable that sets the optional path to the PFX file used to sign SAML requests.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// PFX file location
bp.Vars.SAML_My_PFX = @"C:\File\Path";
}
A string variable that sets the optional password of the PFX file used to sign SAML requests.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// PFX file password
bp.Vars.SAML_My_PFXPassword = "password";
}
A Boolean variable that determines whether the "next URL" is set inside the relay state variable. The default value is "false".
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Enable URL relay
bp.Vars.SAML_NextURLInRelayState = true;
}
A Boolean variable that determines whether the SAML login button will be removed from the home page. The default value is "false". Setting the variable to "true" will hide the login button.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// Hide the SAML login button
bp.Vars.SAML_NoLoginButton = true;
}
An optional string variable that sets the ProviderName of the SAML issuer.
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML provider name attribute
bp.Vars.SAML_ProviderName = "ProviderName";
}
A string variable that sets the URL of the SAML identity provider.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML IDP URL
bp.Vars.SAML_URL = "http://www.SAMLProviderURL.com";
}
A string variable that sets the optional Destination URL of the SAML Identity Provider, i.e., the URL in SAML request Destination field.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML Destination URL
bp.Vars.SAML_URL_Destination = "http://www.SAMLProviderURL.com";
}
A string variable that sets the optional URL of the SAML logout page to use when redirecting a user who logs out of Process Director.
Example
public override void SetSystemVars(BPLogix.WorkflowDirector.SDK.bp bp)
{
// SAML logout URL
bp.Vars.SAML_URL_Logout = "http://www.SAMLLogoutURL.com";
}