Provider property mappings

Property mappings allow you to pass information to external applications. For example, pass the current user's groups as a SAML parameter.

Create a custom provider property mapping

If the default provider mappings are not enough, create a custom provider property mapping and assign it to the provider that should use it.

  1. In authentik, open the Admin interface, and then navigate to Customization > Property Mappings.
  2. Click Create, select the provider property mapping type for your provider, and then click Next.
  3. Configure the property mapping. Most provider property mappings use an Expression field for the Python code that returns the mapped data.
  4. In the provider configuration, select the newly created property mapping in the appropriate property mapping field, such as User Property Mappings or Group Property Mappings.

SAML property mappings

SAML property mappings allow you to embed information into the SAML authentication request. The application can then use this information to, for example, assign permissions to the object.

Scope mappings with OAuth2

Scope mappings are used by the OAuth2 provider to map information from authentik to OAuth2/OIDC claims. Values returned by a scope mapping are added as custom claims to access and ID tokens.

Default value for email_verified

By default, authentik sets the email_verified claim to False, since it has no way to confirm whether a user's email is verified. Setting this claim to True by default could introduce unintended security risks.

Be aware that some applications might require this claim to be true to successfully authenticate users. See Email scope verification for more information.
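
For applications that require the claim, a scope mapping can assert email_verified only for an address that was actually confirmed. The following is an added example, not code from the authentik documentation: the `verified_email` attribute name and the `User` stand-in are assumptions, and in authentik the function body would be the mapping's Expression with `request.user` in place of `user`.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    """Constructed stand-in for authentik's request.user (email + attributes)."""
    email: str
    attributes: dict = field(default_factory=dict)


def email_scope(user: User) -> dict:
    """Return the claims for the email scope.

    In authentik, the body of this function would be the mapping's
    Expression, with `user` replaced by `request.user`.
    """
    # Assumption: an enrollment or email-verification flow writes the address
    # it confirmed to this hypothetical attribute.
    verified = user.attributes.get("verified_email")
    current = (user.email or "").strip().lower()
    # Only a non-empty string that matches the current address counts. A bare
    # boolean flag would stay true after the user changes their email.
    is_verified = (
        isinstance(verified, str)
        and current != ""
        and verified.strip().lower() == current
    )
    return {"email": user.email, "email_verified": is_verified}


# Constructed sample users covering the cases that matter.
SAMPLES = {
    "verified": User("alice@example.com", {"verified_email": "Alice@Example.com"}),
    "changed": User("new@example.com", {"verified_email": "old@example.com"}),
    "never": User("bob@example.com"),
    "flag_only": User("eve@example.com", {"verified_email": True}),
}

if __name__ == "__main__":
    for name, user in SAMPLES.items():
        print(name, email_scope(user))
```

Binding the claim to the confirmed address, rather than to a true/false flag, keeps a later email change from inheriting the earlier verification.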

Skip objects during synchronization

To skip synchronization for a specific object, you can create a property mapping with an expression that triggers the SkipObject exception. This functionality is supported by the following providers: Google Workspace, Microsoft Entra ID, and SCIM.

Example:

# Exclude this one user from synchronization to the remote system.
if request.user.username == "example_username":
    raise SkipObject