Field mappings define how user attributes flow between an external identity provider (IdP) and Identity as a Service (IDaaS). Configure field mappings to keep account status and attribute data in sync across systems.
How it works
Field mappings operate at two levels:
Account binding: Link an external account to an IDaaS account so that status changes propagate between them. For example, if a DingTalk user is deleted, the bound IDaaS account is also deleted.
Field synchronization: After accounts are bound, map individual fields so that attribute changes in the source are reflected in IDaaS. For example, map a DingTalk user's enterprise email address to the IDaaS account's display name. When the email address changes in DingTalk, the display name in IDaaS updates automatically.
To unbind a DingTalk user from an IDaaS account, organization, or group, first delete the corresponding IDaaS account, organization, or group. Organizations support account binding and field mapping, but mapping identifiers are not available for organizations.
Configure field mappings
Configure field mappings at either of these points in the IdP lifecycle:
When creating an IdP: Configure field mappings during IdP setup. This option is not available when creating a DingTalk IdP.
When modifying an IdP: On the IdPs page, click Modify Settings. In the panel that appears, click the Field Mapping tab, configure the mappings, and then click Confirm.