
BlockID Attributes

Overview

To enable passwordless login for SAML applications, it is necessary to provide additional context to the target application so the user may be correctly authorized to work within the application.

Depending on the application, some service providers may require a very simple profile (username, email), while others may require a richer set of user data. Use BlockID attributes to define the data that needs to be shared.

Currently, two types of attributes exist within BlockID:

BlockID session attributes

Session attributes are managed by the community administrator. By default, each user is mapped with firstname, lastname, status, username, email, and phone. Add any other user attributes that might be needed to identify the user.

The administrator must create an attribute called uid and map this attribute to the LDAP directory attribute named uid to view the user profile. Visit the LDAP Directory Integration topic to understand how to map the BlockID attributes to the directory attributes.

(Attribute mapping)

Note: As a second step, these attributes must be mapped to directory attributes so that their values can be picked up from the directory.

This guide describes the following procedures:

  1. Add a new session attribute
  2. Delete a session attribute

Add a new session attribute

To add a new BlockID session attribute, perform the following steps:

  1. Log in to the AdminX portal and navigate to Settings > BlockID Attributes.
  2. In the BlockID Attributes screen, click Add new.
  3. In the Create Attribute window, enter the appropriate session attribute name and click Create. The pop-up message "BlockID attribute created successfully." is displayed, and the newly added session attribute appears in the list of attributes on the BlockID Attributes screen.

Delete a session attribute

  1. Log in to the AdminX portal and navigate to Settings > BlockID Attributes.
  2. In the BlockID Attributes screen, click the Delete icon for the appropriate session attribute in the BlockID Attribute list. The Delete Attribute dialog box is displayed with the message "Are you sure you want to delete attribute '<attribute_name>'?". Click Delete.
  3. The pop-up message "BlockID attribute deleted successfully." is displayed, and the remaining session attributes appear in the list of attributes on the BlockID Attributes screen.

BlockID ledger attributes

The ledger attributes are managed by BlockID and are limited to five (5) attributes. If available, these attributes can be returned as part of the SAML response.

  • device_info (device information)
  • dl (driver's license)
  • aal (authentication assurance level)
  • ial (identity assurance level)
  • ppt (passport)
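
The following Python example is added here and is not BlockID code. It shows how a service provider could compare the attributes released in a SAML response against the minimal profile it needs, using the attribute names listed on this page. The sample assertion, the `REQUIRED` and `ALLOWED` sets, and the function names are assumptions, as is the premise that the attributes appear in the SAML response under these exact names.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Attribute names as listed on this page.
SESSION_DEFAULTS = {"firstname", "lastname", "status", "username", "email", "phone"}
LEDGER = {"device_info", "dl", "aal", "ial", "ppt"}

# Assumed policy for one hypothetical service provider.
REQUIRED = {"username", "email", "ial"}
ALLOWED = REQUIRED | {"firstname", "lastname"}

# Constructed sample: AttributeStatement from an assertion whose signature the
# SP's SAML library is assumed to have verified before this code runs.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="dl"><saml:AttributeValue>CONSTRUCTED-DL-0000</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def parse_attributes(xml_text):
    """Return {attribute name: [values]} from a SAML 2.0 AttributeStatement."""
    # Only parse XML that has already passed signature validation.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(f"{{{NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def audit_attributes(attrs, required, allowed):
    """Compare released attributes with what this SP needs and may receive."""
    present = set(attrs)
    excess = present - allowed
    return {
        "missing": sorted(required - present),     # SP cannot authorize the user
        "excess": sorted(excess),                  # released but not needed
        "excess_ledger": sorted(excess & LEDGER),  # ledger attributes over-shared
        "custom": sorted(present - SESSION_DEFAULTS - LEDGER),  # administrator-added
    }


if __name__ == "__main__":
    print(audit_attributes(parse_attributes(SAMPLE), REQUIRED, ALLOWED))
```

For the constructed sample, the audit reports that `ial` is missing and that `dl` and `uid` are released although this service provider does not need them.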