
    Creating custom attributes using the user schema

    Some of the preconfigured SAML applications require that you add a custom attribute to a user. You can use a custom schema to define these attributes and then set them on the user profile. The examples below are tailored to the Amazon Web Services cloud application. They contain references to the Role ARN and Provider ARN, which are specific to Amazon Web Services.

    Create a custom schema

    1. Open the Schema insert page.
    2. Click the Requires authorization link, and authorize access to the Directory API.

    3. Enter "my_customer" for customerId.

    4. To the right of Request body, select Freeform editor from the drop-down list, and paste the following text:

      {
        "fields": 
        [
          {
            "fieldName": "role",
            "fieldType": "STRING",
            "readAccessType": "ADMINS_AND_SELF",
            "multiValued": true
          }
        ],
        "schemaName": "SSO"
      }


      Notes:  The schemaName and fieldName can be any text value.
       If you want to use more than one role, set multiValued to true.

    5. Click Execute.
      You should see a 200 OK response, and the output of the request is displayed.

    Add custom data to a user profile

    1. Open the Schema creation page.

    2. Click the Requires authorization link, and authorize access to the Directory API.

    3. To the right of Request body, select Freeform editor from the drop-down list, and paste the following text, replacing <role ARN> and <provider ARN> with the appropriate values, available in the Amazon Web Services cloud application article.

      {
        "customSchemas": 
        {
          "SSO": 
          {
            "role": [
              {
                "value": "<role ARN>,<provider ARN>",
                "customType": "SSO"
              }
            ]
          }
        }
      }


      Notes:  To provide access to more than one role, repeat the { } object containing the customType and value pair inside the role list, separating the objects with a comma ",".
      You can only set up multiple roles if you set multiValued to true when creating the schema.
      When multiple roles are available, the user is prompted to choose which one to use.
      For example:
      {
        "customSchemas": 
        {
          "SSO": 
          {
            "role": [
              {
                "value": "arn:aws:iam::038047464115:role/SSO,arn:aws:iam::038047464115:saml-provider/Google",
                "customType": "SSO"
              },
              {
                "value": "arn:aws:iam::038047464115:role/tester,arn:aws:iam::038047464115:saml-provider/Google",
                "customType": "tester"
              }
            ]
          }
        }
      }

      In this example the two roles are SSO and tester.

    4. Click Execute.
      You should see a 200 OK response, and the user profile is updated with the custom data.
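
    The request body from step 3 can be generated and checked before it is pasted, which catches malformed or swapped ARNs and stray whitespace. The Python below is an added example, not part of the original article: the function names, the ARN patterns and the same-account check are assumptions based on the ARNs shown above, and the values marked as constructed are placeholders.

```python
import json
import re

# Assumed ARN shapes, modelled on the examples in this article (12-digit account ID).
ROLE_RE = re.compile(r"arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+", re.ASCII)
PROVIDER_RE = re.compile(r"arn:aws:iam::(\d{12}):saml-provider/[\w.-]+", re.ASCII)


def check_role_value(value):
    """Return a list of problems with one '<role ARN>,<provider ARN>' string."""
    problems = []
    if re.search(r"\s", value):
        problems.append("contains whitespace")
    # Split on the last comma, so a comma inside the role part does not confuse the split.
    role, sep, provider = value.rpartition(",")
    if not sep:
        return problems + ["expected '<role ARN>,<provider ARN>'"]
    r, p = ROLE_RE.fullmatch(role), PROVIDER_RE.fullmatch(provider)
    if not r:
        problems.append("first part is not an IAM role ARN")
    if not p:
        problems.append("second part is not a SAML provider ARN")
    if r and p and r.group(1) != p.group(1):
        # Assumption: a mismatch is treated as a likely paste error.
        problems.append("role and provider are in different accounts")
    return problems


def build_user_patch(roles, schema="SSO", field="role"):
    """roles maps customType -> '<role ARN>,<provider ARN>'. Raises on bad input."""
    errors = {t: check_role_value(v) for t, v in roles.items()}
    errors = {t: e for t, e in errors.items() if e}
    if errors:
        raise ValueError(errors)
    entries = [{"value": v, "customType": t} for t, v in roles.items()]
    return json.dumps({"customSchemas": {schema: {field: entries}}}, indent=2)


if __name__ == "__main__":
    acct = "arn:aws:iam::038047464115"  # account ID from the article's example
    print(build_user_patch({
        "SSO": f"{acct}:role/SSO,{acct}:saml-provider/Google",
        "tester": f"{acct}:role/tester,{acct}:saml-provider/Google",
    }))
    # Constructed bad value: provider and role swapped.
    print(check_role_value(f"{acct}:saml-provider/Google,{acct}:role/SSO"))
```

    The printed JSON has the same structure as the two-role example above and can be pasted into the Freeform editor as the request body.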
