SAML 3.0 - Configuring Users Credentials



In order for staff to access SynWeb, the staff member must have the following setup:

  1. The Community Member must be a user in Group Security Maintenance and:
    1. Must have a group assigned to the user.
    2. The group must have permissions to the required modules.
  2. The claim attribute value passed from the IDP has to be any of:
    1. Network Login
    2. Config User Login Name
    3. Idam Login
    4. Community GUID

If more than one community member is returned for the claim attribute value provided by the IDP, SynWeb/Community Portal will fail to log in.

To investigate what is being returned, execute the following SQL query.

exec spsGetUserLoginData @SelectByValue = '<<claim attribute value>>'
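
The ambiguity rule above can be checked ahead of time across a whole export of user records. The following is an added example, not code from SynWeb or its vendor: the field names, the member_id key and the case-insensitive full-string match are assumptions, and the records are constructed.

```python
from collections import defaultdict

# Hypothetical field names for the four identifiers listed above;
# the product's real column names are not given on this page.
ID_FIELDS = ("network_login", "config_user_login", "idam_login", "community_guid")

def _norm(value):
    # Assumption: matching is case-insensitive on the full string.
    return (value or "").strip().lower()

def ambiguous_claim_values(rows):
    """Return {claim value: sorted member ids} for every identifier value
    that would match more than one community member."""
    owners = defaultdict(set)
    for row in rows:
        for field in ID_FIELDS:
            key = _norm(row.get(field))
            if key:
                owners[key].add(row["member_id"])
    return {v: sorted(ids) for v, ids in owners.items() if len(ids) > 1}

def resolve(rows, claim_value):
    """Model the rule: exactly one matching member logs in, anything else fails."""
    key = _norm(claim_value)
    matches = sorted({r["member_id"] for r in rows
                      for f in ID_FIELDS if key and _norm(r.get(f)) == key})
    if len(matches) == 1:
        return ("ok", matches)
    return ("no-match" if not matches else "ambiguous", matches)

# Constructed sample records (not real data).
SAMPLE = [
    {"member_id": 101, "network_login": "cda_main\\ahui",
     "config_user_login": "ahui", "idam_login": "", "community_guid": "GUID-A"},
    {"member_id": 102, "network_login": "cda_main\\bsmith",
     "config_user_login": "AHUI", "idam_login": "", "community_guid": "GUID-B"},
    {"member_id": 103, "network_login": "cda_main\\cjones",
     "config_user_login": None, "idam_login": "cjones", "community_guid": "GUID-C"},
]

if __name__ == "__main__":
    for value, ids in ambiguous_claim_values(SAMPLE).items():
        print(f"{value!r} matches members {ids}: login would fail")
    print(resolve(SAMPLE, "cda_main\\ahui"))
```

Any value the audit reports is one to pass to spsGetUserLoginData to see the actual rows returned.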

Community Portal


Network Login

In order for a parent to be able to log in to Community Portal, the Community Maintenance > Other > Network Login field needs to be populated. The claim attribute value provided by the IDP is checked against the Network Login field first; only if no match exists there does the lookup fall back to a Config Group/User Security user.

The network login field can contain the domain prefix, for example "cda_main\ahui".

Using GUID as Claim Attribute Name

Only applicable to SynWeb/Community Portal versions prior to v68. (Newer versions do not require configuration.)

Community GUID

If you want to use the Community GUID attribute, you will need to set the claim attribute name in the XML configuration to one of "NameID", "Name" or "NetworkLogin".


Setting the Claim Attribute Name to IdamGUID will limit the user verification to checking only the IDAM Guid column from the Community Table.