If you have set up SAML as your authentication method in the main plan, you can define policies to assign users to the appropriate managed plan automatically. For example, any user with SAML attribute “department” that has a value of “finance” can be assigned to the managed plan owned by the Finance department.
To set up a user movement policy:
- On the Manage plans screen, select Configure user movement policy.
If this is the first time you’ve set up a policy, you’ll see a pre-filled template. The template has a section corresponding to each of the managed plans. Use the attribute and values fields to set the policy for a specific managed plan.
You can use any of the following attributes:
Variable: Title
Schema:
name="http://schemas.xmlsoap.org/ws/2021/01/identity/claims/title"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Department
Schema:
name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Cost Center
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/costcenter"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Primary Phone Number
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/primaryphone"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Mobile Phone
Schema:
name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Manager
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/manager"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Company
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/company"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Country
Schema:
name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Role
Schema:
name="http://schemas.microsoft.com/ws/2008/06/identity/claims/jobrole"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Given Name
Schema:
name="givenname"
This represents the user's first name
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: Surname
Schema: name="surname"
This represents the user's last name
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
You can also use custom attributes by mapping them to any of these ten attributes.
Variable: customField1
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield1"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField2
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield2"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField3
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield3"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField4
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield4"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField5
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield5"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField6
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield6"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField7
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield7"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField8
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield8"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField9
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield9"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Variable: customField10
Schema:
name="http://schemas.smartsheet.com/ws/2021/01/identity/claims/customfield10"
NameFormats supported:
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
New users that don’t have a match will end up in the main plan.