Configure Attribute Mapping

Attribute Mapping Policies are YAML-formatted files that are used to map SAML attributes to Rackspace-required fields, such as roles and account permissions.

An Attribute Mapping Policy is required for every Identity Provider that you create.

Attribute Mapping Policies are composed of one or more rules. These rules assign local values that are attached to the user when they log in to Rackspace, based on explicit or remote values in the SAML exchange from your third-party provider.

An Attribute Mapping Policy has the following common use cases:

  • Assign roles to a user based on a SAML attribute (such as groups provided by Active Directory Federation Services (ADFS)).
  • Identify Rackspace-required values like email address when they are not stored in the standard SAML attribute location.
  • Set the expiration time after which users are required to re-authenticate.

The deep-dive Attribute Mapping Policy reference guide provides detailed functionality and examples for the Attribute Mapping Policy language. Use the reference guide to construct policies that use features such as conditional matching and substitutions, or that cover other scenarios.

The Attribute Mapping Policy reference can be found at https://rackerlabs.github.io/attributeMapping/docs-1.3.0/.

To customize your Attribute Mapping Policy, review the following sections for required and product-specific guidance. For more examples and a complete guide to the Attribute Mapping Policy language, see the Appendix: Attribute Mapping Policy Reference.