Applies to

Smartsheet
  • Enterprise

SAML Assertion: Supported Claims Examples in Smartsheet

Use this article as a reference for supported claims and SAML assertion examples.

Required Attributes

For sign-in to succeed, the assertion must pass both the Persistent ID and Email Address claims to Smartsheet. These are two separate claims; details on each follow.

Persistent ID—This can be described as the attribute that is least likely to change for an identity. Smartsheet accepts six formats (a few of them are not specified in the SAML 2.0 standard) encoded in the NameID element. Here are the formats we support:

  • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • urn:oasis:names:tc:SAML:2.0:nameid-format:email
  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
  • urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10

Smartsheet will also accept an assertion with no NameID element and will extract a Persistent ID value from an attribute if there is an attribute that matches one of the following:

  • name="eduPersonPrincipalName" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
  • name="persistent" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
  • name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
  • name="eduPersonPrincipalName" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

Email address—This is the email address associated with the Smartsheet account. This equates to a username in the Smartsheet service. This must be an attribute and will not be extracted from the NameID element. Here are the accepted formats:

  • name="email"
  • name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  • name="emailAddress" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="Email" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="saml_username" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="emailaddress" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
  • name="emailaddress" nameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  • name="urn:oid:0.9.2342.19200300.100.1.3" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
  • name="mail" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
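
The Python check below is an added example, not Smartsheet's code: it tests an assertion for the two required claims against the lists above, including the case where the email address is sent only in NameID. The matching rules are assumptions (exact, case-sensitive names; a list entry with no nameFormat matches any NameFormat; name="email" and the .../claims/emailaddress name are read as separate entries), and the sample assertion and pat@example.com are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
P = "urn:oasis:names:tc:SAML:"  # shared URN prefix
BASIC, URI = P + "2.0:attrname-format:basic", P + "2.0:attrname-format:uri"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# The article's required-claim lists; None means the entry lists no nameFormat.
NAMEID_FORMATS = {
    P + "1.1:nameid-format:emailAddress", P + "2.0:nameid-format:email",
    P + "2.0:nameid-format:persistent", P + "2.0:nameid-format:unspecified",
    P + "1.1:nameid-format:unspecified", "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"}
PERSISTENT_ATTRS = {
    ("eduPersonPrincipalName", BASIC), ("eduPersonPrincipalName", URI),
    ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", None),
    ("persistent", P + "2.0:nameid-format:persistent"),
    ("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", URI)}
EMAIL_ATTRS = {
    ("email", None), (EMAIL_CLAIM, None), ("emailAddress", BASIC), ("Email", BASIC),
    ("saml_username", BASIC), ("emailaddress", P + "2.0:attrname-format:unspecified"),
    ("emailaddress", EMAIL_CLAIM), ("urn:oid:0.9.2342.19200300.100.1.3", URI),
    ("mail", BASIC)}

def matching_values(assertion, allowed):
    """Non-empty values of Attributes whose (Name, NameFormat) is in `allowed`."""
    values = []
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        name, fmt = attr.get("Name"), attr.get("NameFormat")
        text = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
        # Assumption: an entry listed without nameFormat matches any NameFormat.
        if text and ((name, fmt) in allowed or (name, None) in allowed):
            values.append(text)
    return values

def check_required_claims(assertion_xml):
    """Return a list of problems; an empty list means both required claims are present."""
    assertion = ET.fromstring(assertion_xml)
    problems = []
    name_id = assertion.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:  # fallback applies only when there is no NameID element
        if not matching_values(assertion, PERSISTENT_ATTRS):
            problems.append("no NameID and no fallback Persistent ID attribute")
    elif name_id.get("Format") not in NAMEID_FORMATS or not (name_id.text or "").strip():
        problems.append("NameID is empty or its Format is not in the supported list")
    if not matching_values(assertion, EMAIL_ATTRS):
        problems.append("no Email Address attribute (NameID is not used for email)")
    return problems

# Constructed sample: the email appears only in NameID, so the email claim is missing.
NAMEID_ONLY = (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
               f'<saml:NameID Format="{P}1.1:nameid-format:emailAddress">pat@example.com'
               '</saml:NameID></saml:Subject></saml:Assertion>')
```

Calling check_required_claims(NAMEID_ONLY) reports the missing Email Address attribute even though the NameID itself is acceptable as a Persistent ID.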

Optional Attributes

Given Name—The given name of the person associated with the account (first name). Here are the formats that Smartsheet supports:

  • name="givenName"
  • name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
  • name="givenname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="given_name" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="givenname" nameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
  • name="givenname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
  • name="urn:oid:2.5.4.42" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

Surname—The surname of the person associated with the account (last name). Here are the formats that Smartsheet supports:

  • name="surname"
  • name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
  • name="surname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="sur_name" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
  • name="surname" nameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
  • name="surname" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
  • name="urn:oid:2.5.4.4" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

Sample Assertion

When you generate metadata, you must use the claims given above.

Click the following link to see several examples of SAML response assertions:
https://www.samltool.com/generic_sso_res.php

NOTE: These examples are for illustrative purposes only and won't work in Smartsheet. Your metadata must be generated by your IdP.
