Map user attributes

Using single sign-on (SSO), you can pass attributes from your identity provider’s Active Directory to your Adobe Workfront users.

Access requirements

You must have the following access to perform the steps in this article:

Adobe Workfront plan
Adobe Workfront license

New: Standard


Current: Plan

Access level configurations
You must be a Workfront administrator.

For more detail about the information in this table, see Access requirements in Workfront documentation.

Tips for mapping attributes

Keep the following in mind when mapping attributes:

  • Always test in a Preview sandbox or a Customer Refresh (CR) sandbox.

  • Test with both administrator and non-administrator accounts to confirm that you are mapping attributes correctly.

  • Attributes that are mapped are applied each time a user signs in via single-sign on.

    Example: if you are mapping “last name” and update their name in Workfront without updating the value in their Identity Provider, then the last name will get overwritten to match the value of whatever is in the Identity Provider the next time the user signs in.

Map user attributes for your organization

The procedure for mapping attributes differs depending on whether your organization is on the Adobe unified experience.

To determine whether your organization is on the Adobe unified experience, examine the URL that you use to access Workfront.

Adobe Experience
Classic experience
Adobe unified experience

Map user attributes in the classic experience

  1. Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup .

  2. Click System > Single Sign-On (SSO).

  3. In the Type drop-down, click SAML 2.0.

  4. Click Map User Attributes.

  5. In the row of options that appears, map the attributes you need for your Workfront users.

    You can map attributes such as Address, Manager, Job Role, Home Group, and so on.

    Attribute mappings work on a 1:1 Ratio. For example, you cannot set every group that a user belongs to; you can set only one per user.

    note important
    We do not recommend mapping Access Levels in the Attribute Mappings. If you do, be careful when you are setting the default value to make sure that you don’t remove Admin Access inadvertently.

    The following table explains the fields you can use to map attributes:

    table 0-row-2 1-row-2 2-row-2 layout-auto html-authored no-header
    Workfront User Attribute Choose the name of the attribute you are mapping
    Directory Attribute Type the SSO attribute label you want to use.
    Default Value After you choose a Workfront User Attribute, if the value is NULL during the connection, this field fills in with the corresponding default value in the system. Type a value here only if you plan to apply attribute mapping rules (see step 7). The default value acts as an exception to those rules.
  6. (Optional) Click Rules to add a rule to the attribute.

    1. In the drop-down, choose the attribute modifier you want to use.

    2. In the 2 fields to the right, type the directory attribute value and the value you want to replace it with.

    You can click Add Rule to add more rules to the attribute.

  7. (Optional) To map more user attributes, click Add Mapping and repeat steps 6-7.

  8. Click Save.

Map user attributes in the Adobe unified experience

  1. Click the Main Menu icon in the upper-left corner of Adobe Workfront, then click Setup .

  2. Click System > Single Sign-On (SSO).

  3. Select the Adobe tab.

  4. (Optional and conditional) If your organization had attribute mapping configured in the classic experience and you want to copy that attribute mapping to the Adobe unified experience, click Migrate Mappings. You can then discard, delete, or edit these mappings.

    note note
    We recommend migrating mappings the first time you configure mappings in the Adobe unified experience. There is no harm in migrating them again later, but migrating them more than once is unnecessary.
  5. To create a new attribute mapping, click Add Mapping.

  6. Click the arrow next to the Workfront field name and select the Workfront field that you want to map to.

  7. (Optional) If you want to create more than one rule for a given field, click the arrow next to Always and select the operator that you want the rule to use.

  8. (Conditional) If you have selected an operator besides Always, select the Workfront field and value that the operator applies to.

    note note
    The operators Is Truthy and Is Falsy do not require values.
  9. Select whether you want to apply the value of an attribute in your identity manager to the Workfront field, or if you want to apply a specific constant value.

  10. Enter the name of the identity manager field that you want to apply, or enter the text of the constant value you want to apply.

  11. (Optional) To add more rules for the same Workfront field, click Add New Rule, and follow steps 4-9.

    note important
    • Any rule below an Always rule will be ignored. If you have an Always rule, you must move it to the bottom of the list of rules. You can move rules in the list by clicking the three-dot menu to the right of the rule and move the rule up or down.
    • To create a rule in the middle of the list, click the three-dot menu next to the rule that you want to be above or below the new rule, and select Add Rule Above or Add Rule Below.
  12. To delete a rule, click the three-dot menu next to the rule you want to delete, and select Delete.

  13. To delete a mapping, click the Delete icon that is on the card for that mapping.

  14. To save, scroll to the top of the page and click Save.