Talis Elevate supports the automatic creation of user profiles when a user logs in for the first time, and the continued update of that profile if changes to names and email addresses are made in university identity management systems.
This article describes what information to send and how to send it in order to make use of this functionality.
From the users perspective
If the student or academic has never logged in before, a profile will be created and filled out for them using the attributes in the SAML login conversation. This happens behind the scenes and won't prompt the user to take any specific action. They will be able to get on with reading the resource. We remove a potential friction point in the new user's experience.
For existing users, the profile first name, surname and email address will be replaced with the info in the attributes sent through the SAML login conversation if they have changed or are different to the ones in their current profile.
Academic users will be able to customise how their name is shown to students.
On The University Side
You will need to send us the following pieces of information to fill out the required fields in Talis Aspire. These should be sent as SAML attributes.
Talis can not help you with configuring your specific SAML IDP, as each University will have its own specific mix of authentication systems and data flows. The administrator of your University SAML2 Identity Provider (IDP) will need to do this for you.
SAML Attribute Name in the eduPerson Object Class Specification | Talis Aspire Profile Field |
Description |
Mandatory urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
Targeted ID | A unique obfuscated identifier. We are aware that in future versions of eduPerson this will be deprecated. Transition information will be communicated at the appropriate time. |
Desirable One of the following: givenName |
First Name | The first or given name of the user |
Desirable One of the following: sn |
Surname | The Family or Surname of the user |
Desirable One of the following:
|
Email Address | The email of the user. |
If the SAML attribute names do not appear exactly as described above, then the value will not be included in the user's profile. Additional attributes may be mapped if required, but we'd need to discuss this with your authentication team.
If you need to know the entityID for the Talis Elevate login Service Provider, it is:
EU APAC - https://login.talisaspire.com/entity
Canada North America - https://login.ca.talis.com/entity
On the Talis Side
Talis will ask you some questions, and help you test that the required parameters are being passed correctly.
Important Notes
- Profile name, surname and email are automatically updated on every login if those values change in the SAML attributes.
- Users can not normally edit their names or emails in their Talis Elevate profile. All changes for names and emails would be fed through from the university provided SAML attributes.
- If an attribute is not set, then users will be asked to fill in missing fields themselves.