Attribute Mapping

The attribute mapping feature allows linking user attributes received from an OAuth or OpenID Connect Provider to Drupal user fields. Upon a successful Single Sign-On, the values from the mapped attributes are assigned to their corresponding Drupal fields.

Basic Attribute Mapping

The Basic attributes for creating a user in Drupal include Email and Username. Basic attribute mapping allows you to map Drupal Email and Username with any valid attribute received from the OAuth or OIDC Provider.

Configure Basic Attribute Mapping

• Once you have configured the OAuth or OIDC Provider successfully, you can click on the Test Configuration button to verify if the configurations are correct or not.
• If all the configurations are correct, you will receive a list of attributes from OAuth or OIDC Provider.
• After you have received the attribute list, navigate to the Attribute & Role Mapping tab.
• To map the attributes of a provider, click on their respective Edit link.

• After clicking the Edit link, the Attribute Mapping section will appear.

• On the right section, you will be able to see the complete list of the attributes received from OAuth or OIDC Provider.
• Basic attribute mapping includes Email and Username. Let's configure the Email attribute first.
• In the Email Attribute text field, select the Attribute Name from the dropdown in which the email address of the user is received from the OAuth or OIDC Provider. In our case, we have received the email address of the user under the email attribute.

• Similarly, in the Username Attribute text field, enter the Attribute Name in which the username of the user is received from the provider. In our case, we have received the Username of the user under the name attribute. Scroll down and click on Save Configure button.

Custom Attribute Mapping

The Custom Attribute Mapping allows you to map any additional user information received from the OAuth or OIDC Provider to the user profile attributes in Drupal. This feature helps you to sync any user information other than Username and Email when the user performs SSO. In order to configure the Custom Attribute Mapping, we need to create a few user fields first.

Add User field in the Drupal site

• For example, we will create 1 field - First name.
• Navigate to the People → Account Settings.
• Click on the Create a new field button.
• In the Label text field, enter First Name. Drupal will automatically generate the machine name using the text that you have put in the text field.
• Select the Plain text field type under the Choose a type of field.
• Click the Continue button.
• Enter the Maximum length and Allowed number of values.
• Click on the Save settings button.

Configure Custom Attribute Mapping

• In the Attribute & Role Mapping tab, scroll down to the Custom Attribute Mapping section.
• Under the OAuth Server Attribute Name drop-down, select the attribute in which you have received the First Name of the user. In our example, we are receiving the First name of the user under the name attribute. So we will select the name attribute from the drop-down.
• Now, from the Drupal Machine Name drop-down, select the machine name of the First name field that we created earlier.
• Now, if you want to map multiple user attributes, you can click on the + button (next to the Add Custom Attribute) and follow the same procedure again. For example, we will map another Attribute that we are receiving - lastname.
• Once you have mapped all the required fields as per your use case, scroll down and click on the Save Configuration button.

Let’s see how this works

• Open a new incognito window and go to your Drupal site's login page.
• Click on the Login using the Provider link to initiate the SSO.
• Once you are logged in to the Drupal site successfully, navigate to the My Accountaccount link.
• You will be able to see that the user's First name and Last name will be mapped to Drupal's respective fields.