Digging in to SAML Attributes

One of the common projects I'm often engaged in is Single Sign-On migrations from a previous IdP to Microsoft Entra. Typically these projects are pretty structured: do some planning to determine which apps need to be moved, prestage applications in the environment, start coordinating with application owners on requirements around configuration and claims, and then cut over the application at a predetermined time. Aside from the sometimes painful work of communicating and coordinating with app owners to discuss configuration and figure out if a vendor has to get involved, attributes and claims are an easy thing to get wrong. It's easy to sidestep attributes when learning about SAML and not spend any time thinking about what each claim is and how it's used, but then I feel like you're left with an incomplete view of how SAML actually works. This post is my attempt to grapple with them just a little bit more intentionally.