Skip to main content

1Kosmos Attributes

Overview

To enable passwordless login for SAML applications, it is necessary to provide additional context to the target application so the user may be correctly authorized to work within the application.

Depending on the application, some service providers may require a very simple profile (username, email), while others may require a richer set of user data. Use 1Kosmos attributes to define the data that needs to be shared.

Currently, two types of attributes exist within 1Kosmos:

  • 1Kosmos Session Attributes
  • 1Kosmos Ledger Attributes

1Kosmos Session Attributes

This is managed by the community administrator. By default, you are mapped with firstname, lastname, status, username, email, and phone attributes. Add any other attributes of the user that might be needed to identify the user.

The administrator must create an attribute called uid and map this attribute to the LDAP directory attribute named uid to view the user profile. Visit the LDAP Directory Integration topic to understand how to map the 1Kosmos attributes to the directory attributes.

(Attribute mapping)

Note: As a second step, these attributes need to be mapped to directory attributes to know where to pick up these values.

This topic describes the following procedures:

  1. Add a new session attribute
  2. Delete a session attribute

Adding Session Attributes

To add a new 1Kosmos session attribute, follow these steps:

  1. Login to the tenant as a community administrator.

  2. Navigate to Settings > 1Kosmos Attributes. The 1Kosmos Attributes page is displayed.

  3. In the 1Kosmos Attributes screen, click Add new.

  4. In the Create Attribute window, enter the appropriate session attribute name and click Create.

    The pop-up message 1Kosmos attribute created successfully is displayed with the newly added session attribute in the list of attributes on the 1Kosmos Attributes screen.

Deleting Session Attributes

  1. Log in to the tenant as a community administrator.

  2. Navigate to Settings > 1Kosmos Attributes.

  3. In the 1Kosmos Attributes screen, from the 1Kosmos Attribute list click on the Delete icon for the appropriate session attribute.

    The Delete Attribute dialog box is displayed with the Are you sure you want to delete attribute '<attribute_name>'? message.

  4. click Delete.

    The pop-up message 1Kosmos attribute deleted successfully. is displayed with the remaining session attributes in the list of attributes on the 1Kosmos Attributes screen.

1Kosmos Ledger Attributes

The ledger attributes are managed by 1Kosmos and limited to five(5) attributes. If available, these attributes can be returned as part of the SAML response.

  • device_info (device information)
  • dl (driver's license)
  • aal (authentication assurance level)
  • ial (identity assurance level)
  • ppt (passport)