This feature is designed to make data from your systems available for you to use within our systems. You are responsible for complying with all local policies and laws that may apply.
When you connect a local authentication system to OpenAthens you have the ability to map attributes from one system to the other - e.g. the 'mail' attribute from LDAP could be mapped to an Email address attribute in OpenAthens. This kind of mapping can achieve two things:
In both cases you can map as many or as few attributes as you need to accomplish your goals.
If the values of the attributes in your local system are not quite what you need, there is also an attribute transformation option.
Screenshots on this page are from an LDAP connection, but mappings are set up in the same basic way for any type of local authentication system.
To remove a mapping:
Any changes you save will go live almost immediately but do not affect users until the next time they sign in to OpenAthens - i.e. a user with an active browsing session will continue to use the old settings until their session ends (most relevant when you are testing your changes).
When you add a mapping to an existing schema attribute that is releasable, then the data in the local connection attributes you map becomes releasable too. This is usually both deliberate and desirable but may not always be so. You should be aware of and understand your release policies before adding a mapping to any releasable OpenAthens attribute.
When you remove a mapping, the data will no longer be available to the system, which has implications if anything is using it, especially if it is being used for access to a resource.
Mapped data is truncated to fit when it is too large and this may become relevant if you are mapping to the
Only fields considered attributes can be mapped as attributes - e.g. only the data in the attribute statement sent by SAML or the API connectors.
If you are mapping to a releasable attribute that would be scoped in a federation context (e.g. eduPersonPrincipalName), then OpenAthens will add the scope. This will lead to a value such as email@example.com@organisation.org if you send values that already include a scope.
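A pre-flight check for the double-scope problem described above, written as an added example (it is not OpenAthens code). It audits values exported from your local directory before you map them to a scoped attribute. The scope organisation.org, the sample values and all function names are assumptions, and the scope-appending step only models the behaviour this page describes.

```python
# Added example: audit local values destined for a scoped attribute such as
# eduPersonPrincipalName. ORG_SCOPE and the sample values are constructed.
from dataclasses import dataclass

ORG_SCOPE = "organisation.org"  # assumed scope for your organisation


@dataclass
class Finding:
    source: str     # value as held in the local directory
    released: str   # value once the scope has been appended
    issue: str      # "ok", "empty", "double-scope" or "foreign-scope"
    suggested: str  # unscoped value to send instead ("" if none is safe)


def audit_value(raw: str, scope: str = ORG_SCOPE) -> Finding:
    value = raw.strip()
    if not value:
        return Finding(raw, "", "empty", "")
    # Model of the behaviour described on this page: the scope is appended
    # whether or not the incoming value already has one.
    released = f"{value}@{scope}"
    if "@" not in value:
        return Finding(raw, released, "ok", value)
    local, _, existing = value.rpartition("@")
    if existing.lower() == scope.lower() and local and "@" not in local:
        # Already carries our scope: sending only the local part avoids doubling.
        return Finding(raw, released, "double-scope", local)
    # Scoped to another domain (or malformed). Stripping it would silently
    # re-home the identifier under our scope, so flag it for manual review.
    return Finding(raw, released, "foreign-scope", "")


def audit(values, scope: str = ORG_SCOPE):
    """Return only the values that need attention before mapping."""
    return [f for f in (audit_value(v, scope) for v in values) if f.issue != "ok"]


if __name__ == "__main__":
    sample = ["jsmith", "jsmith@organisation.org", "email@example.com", "  "]
    for f in audit(sample):
        print(f"{f.source!r:28} -> {f.released!r:42} {f.issue}")
```

Values flagged as foreign-scope are deliberately given no suggested replacement, because dropping another domain's scope changes whose identifier it appears to be.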