-1

I am very new to SAML and currently doing research on whether SAML is the right solution for me.

All the SAML examples that I can find work on the email domain. I wonder if it is possible to build a service provider and identity provider based on a phone number.

For example,

  • if I go to the https://www.atlassian.com/ login form and input my email jake@example.com, Atlassian will ask for my password.
  • if I instead enter jake@company.com where company.com is configured for Google SSO, Atlassian will redirect me to the Google login form. By using the email domain, Atlassian is able to redirect to different Identity Providers, therefore maintaining a multi-tenancy SaaS solution.

Is it possible to implement SAML SSO based on a phone number or other attributes? What are the other commonly used attributes?

schroeder
Jake

1 Answer

0

That's not how that works.

Atlassian sets up your account with an indication of whether or not your account uses SSO. There is no magic with the email domain.

So, when you enter jake@example.com, its authentication function sees that it is supposed to use local authentication and kicks in the password authentication process.

When you enter jake@company.com, its authentication function sees that it is supposed to use SSO, and kicks off that process.

SSO isn't kicked off first before there is a determination of which authentication method to use in the first place.

So knock your socks off. Use whatever data you would like. It's your authentication system.

schroeder
  • I think you are just repeating my observation that Atlassian looks at the email/domain and then determines the authentication method? What I am asking is, other than email/domain, what other account attributes are commonly used, therefore maintaining the multi-tenancy design? For example, I don't think using first name will work because many people have the same first name. Does that make sense? – Jake May 29 '21 at 14:48
  • No, you asked what SAML looks at, not what Atlassian looks at. – schroeder May 29 '21 at 14:53
  • If that's what you want to ask, I'm not sure this is about SAML, SSO, or even security. Like I said, use whatever makes sense in ***your*** context. – schroeder May 29 '21 at 14:54
  • In SAML, what is this called? Are there any criteria for choosing so that it _makes sense_ in terms of practicality, security and multi-tenancy design? – Jake May 29 '21 at 14:57
  • Are you asking what *your service* will use to make authentication decisions, or what the *Identity Provider* will use as an attribute? The latter is completely up to the IdP. The former is entirely up to your service and your needs. – schroeder May 29 '21 at 15:02
  • OK, based on your replies I think I got the answer I need. It's in your original answer -- "It doesn't matter because SAML SSO hasn't kicked in at this stage", but it is not apparent for a newbie like myself without the additional replies in this comment section. Thanks. – Jake May 29 '21 at 15:09
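
The routing decision described in the answer, as an added example (not part of the original answer or comments, and not Atlassian's code): the service looks up the account by whatever login identifier it chose, email or phone number, and only starts SAML if that account record is flagged for SSO. The account table, tenant names and IdP URL are constructed placeholders, and the phone normalization is a simplified assumption.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    tenant: str
    auth_method: str  # "local" or "saml", stored on the account record


# Constructed sample data: tenant -> IdP SSO endpoint (placeholder URL).
TENANT_IDP = {"company": "https://idp.company.example/saml/sso"}

# Constructed sample accounts, keyed by normalized login identifier.
ACCOUNTS = {
    "jake@example.com": Account("personal", "local"),
    "jake@company.com": Account("company", "saml"),
    "+15550100": Account("company", "saml"),
    "+15550101": Account("personal", "local"),
}


def normalize(identifier: str) -> str:
    """Canonicalize so one account cannot be reached under two spellings."""
    s = identifier.strip()
    if "@" in s:
        return s.lower()
    # Simplified phone handling (assumption): drop separators, require +digits.
    digits = re.sub(r"[\s().-]", "", s)
    if not re.fullmatch(r"\+[1-9]\d{6,14}", digits):
        raise ValueError("unsupported identifier format")
    return digits


def resolve_login(identifier: str) -> dict:
    """Decide the next login step from the account record, before any SAML."""
    account = ACCOUNTS.get(normalize(identifier))
    if account and account.auth_method == "saml":
        return {"step": "redirect", "idp": TENANT_IDP[account.tenant]}
    # An unknown identifier gets the same password prompt as a local account,
    # so the two are indistinguishable at this step.
    return {"step": "password"}
```

Whatever identifier is used has to be unique per account and normalized before lookup; the SAML exchange itself only begins after `resolve_login` returns a redirect.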