With Altamira HRM you can enable self provisioning of users when using single sign on. With user self provisioning Altamira HRM will check if a local user with the given user name exists and if does not find one it will create a new user. Toghether with group synchronization this allows IT Administrators to centrally manage users and permssions: once a user has been created at the identity provider they will be able to access Altamira HRM directly with no further configuration.
Self provisioning is optional: if you do not configure self provisioning then Altamira HRM will map the user name in the SAML response to an existing username in Altamira HRM. If a match is found then the user will be authorized, if not an error will be logged in the event log.
There are two entities required for a user to be able to access Altamira HRM: a User entity and an Employee entity. When user self provisioning is enabled, the User entity is automatically managed but for the Employee entity you will need to decide how the SAML claims are mapped to the Employee entity: this is called Claim mapping.
To map SAML claims to the Employee entity you must first select a form built on the Employees entity. To learn more about how to build forms please see Forms and Views. Once you have selected a view you can map SAML claims to the fields of the form. to do this:
- Click Setup\Account\Custom domains and click on the custom domain you wish to map claims for
- Click on Actions\Map Claims to Altamira fields
- Click Add and type the full name of the SAML claim in the Source field and select the corresponding Altamira field in the Destination field. Click on Save.
- If the SAML claim is a unique key for the Employee, check the Key field checkbox
The SAML claim mapping is built by leverageing the Altamira Import engine so you can make use of other properties in the mapping such as custom scripts, default values and lookup views. Please see Importing data into Altamira HRM for more information.