External systems may identify a user by email address, UPN, or some other method. This external identifier may not correspond to the user code in the r5users table. To facilitate the mapping from an external user id to an r5users record, a new column (usr_externcode) has been added to r5users. This new column may be populated from the User Setup screen by means of the External User ID field, which is hidden by default.
When a user is authenticated, the user id returned to EAM in the SAML response (in the SAML claim specified by the userAttribute element in the sso configuration file) can match either the externcode or the usrcode in r5users.
If the user id in the SAML response does not match an existing r5users record, a new record may be created automatically (assuming proper role configuration).
-
externcode column - Set based on the userAttribute SAML claim in sso configuration file
-
usrcode column
-
Set based on the internalUserAttribute SAML claim in sso configuration file if that value is present and not too long for the column
-
Otherwise, set to the externcode if that value is not too long for the column
-
Otherwise, set to a randomly generated number.
-