When setting up SSO (Single Sign-On), you now have the option to also map custom fields in TalentLMS with attributes from your IdP (Identity Provider). This will populate the custom fields with the value sent by the mapped attribute for each user.
Here’s how to set this up:
1. Create custom user fields in TalentLMS. This can be done in Account & Settings > Basic settings > Custom fields. See more on this here.
2. Navigate to your SSO settings in Account & Settings > Users and expand the Single Sign-On (1) options.
| Note: You will need to integrate your IdP first. Please see our SSO integration articles if you have not yet done this. For Branch SSO settings you will go to Branches > Select a branch > Single Sign-On. |
3. Go to the Custom fields input (2), and start typing the name of the custom field. A dropdown will appear with the fields that match your search.
| Note: “Ignore namespace in attributes' names” when enabled, will ignore the namespace URI in the attribute name. For example, your attribute name is “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeID”, and your custom field name is “employeeID”. With this option enabled, “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/” will be ignored, and only the “employeeID” part of the attribute name will be searched for. If you are sending the same custom field with and without a namespace, the one without the namespace has priority. |
4. Select a custom field to add it to the input. You can add multiple fields, just search for the field name and select it.
5. Click Save at the bottom of the page.
| Note: The next step will take place on your Identity Provider. Each IdP has a different way to create custom attributes. We recommend that you speak with the support team of your IdP for any assistance you may need with this step. |
6. In your IdP, create a custom attribute that matches the name of the custom field and add this to the SSO application you have integrated with TalentLMS. The custom attribute should be mapped to a user profile field in the IdP.
| Note: The name of this custom attribute must match the existing custom field name exactly. It is case-sensitive. If you're using OpenID Connect, make sure that the custom attributes are sent via the userinfo endpoint, as they cannot be sent to TalentLMS via a token endpoint. |
7. In the TalentLMS SSO setup page, click Save and check configuration and ensure that the custom attributes are coming through in the SSO login, and that they contain the desired data from the IdP.
| Note: You may need to clear your cookies and cache before clicking Save and check configuration to ensure that a clean session is used to check the data sent from the IdP. |
