Implement attribute mapping step

LauraBeatris · LauraBeatris · commit 35c3b4e030d5 · 2026-06-01T14:50:09.000-03:00
diff --git a/packages/localizations/src/en-US.ts b/packages/localizations/src/en-US.ts
@@ -703,6 +703,39 @@ export const enUS: LocalizationResource = {
             },
           },
         },
+        attributeMappingStep: {
+          headerSubtitle: 'Map user attributes from Microsoft Entra to your application',
+          title: 'We expect your SAML responses to have the following specific attributes:',
+          paragraph:
+            "These are the defaults and probably won't need you to change them. However, many SAML configuration errors are due to incorrect attribute mappings, so it's worth double-checking. Here's how:",
+          step1: 'On the <bold>SAML-based Sign-on</bold> page, find the <bold>Attributes & Claims</bold> section.',
+          step2: 'Select <bold>Edit</bold>',
+          step3: 'Verify that the above three attributes and values are present.',
+          attributeMappingTable: {
+            columns: {
+              attribute: 'Attribute',
+              claimName: 'Claim name',
+              value: 'Value',
+            },
+            rows: {
+              email: {
+                attribute: 'Email address',
+                claimName: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
+                value: 'user.mail',
+              },
+              firstName: {
+                attribute: 'First name',
+                claimName: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
+                value: 'user.givenname',
+              },
+              lastName: {
+                attribute: 'Last name',
+                claimName: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
+                value: 'user.surname',
+              },
+            },
+          },
+        },
       },
     },
   },
diff --git a/packages/shared/src/types/localization.ts b/packages/shared/src/types/localization.ts
@@ -1744,6 +1744,26 @@ export type __internal_LocalizationResource = {
             };
           };
         };
+        attributeMappingStep: {
+          headerSubtitle: LocalizationValue;
+          title: LocalizationValue;
+          paragraph: LocalizationValue;
+          step1: LocalizationValue;
+          step2: LocalizationValue;
+          step3: LocalizationValue;
+          attributeMappingTable: {
+            columns: {
+              attribute: LocalizationValue;
+              claimName: LocalizationValue;
+              value: LocalizationValue;
+            };
+            rows: {
+              email: { attribute: LocalizationValue; claimName: LocalizationValue; value: LocalizationValue };
+              firstName: { attribute: LocalizationValue; claimName: LocalizationValue; value: LocalizationValue };
+              lastName: { attribute: LocalizationValue; claimName: LocalizationValue; value: LocalizationValue };
+            };
+          };
+        };
       };
     };
     confirmation: {
diff --git a/packages/ui/src/components/ConfigureSSO/steps/ConfigureStep/saml/SamlMicrosoftConfigureSteps.tsx b/packages/ui/src/components/ConfigureSSO/steps/ConfigureStep/saml/SamlMicrosoftConfigureSteps.tsx
@@ -11,6 +11,7 @@ import { useConfigureSSO } from '../../../ConfigureSSOContext';
 import { Step } from '../../../elements/Step';
 import { useWizard, Wizard } from '../../../elements/Wizard';
 import { InnerStepCounter } from '../../../elements/Wizard/InnerStepCounter';
+import { AttributeMappingTable, type AttributeMappingTableConfig } from './shared/AttributeMappingTable';
 import {
   applySamlSubmitError,
   buildSamlConfigurationPayload,
@@ -45,6 +46,16 @@ export const SamlMicrosoftConfigureSteps = (): JSX.Element => {
         <SamlMicrosoftServiceProviderStep />
       </Wizard.Step>
 
+      <Wizard.Step id='attribute-mapping'>
+        <Step.Header
+          title={localizationKeys('configureSSO.configureStep.samlMicrosoft.mainHeaderTitle')}
+          description={localizationKeys('configureSSO.configureStep.samlMicrosoft.attributeMappingStep.headerSubtitle')}
+        >
+          <InnerStepCounter />
+        </Step.Header>
+        <SamlMicrosoftAttributeMappingStep />
+      </Wizard.Step>
+
       <Wizard.Step id='identity-provider-metadata'>
         <Step.Header
           title={localizationKeys('configureSSO.configureStep.samlMicrosoft.mainHeaderTitle')}
@@ -394,6 +405,134 @@ const SamlMicrosoftServiceProviderStep = (): JSX.Element => {
   );
 };
 
+const MICROSOFT_ATTRIBUTE_MAPPING: AttributeMappingTableConfig = {
+  columns: {
+    first: localizationKeys(
+      'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.columns.attribute',
+    ),
+    second: localizationKeys(
+      'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.columns.claimName',
+    ),
+    third: localizationKeys(
+      'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.columns.value',
+    ),
+  },
+  // Microsoft's default claim names are long URLs that don't fit the column;
+  // truncate them with an ellipsis and surface the full value in a tooltip.
+  truncateSecond: true,
+  rows: [
+    {
+      id: 'email',
+      isRequired: true,
+      first: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.email.attribute',
+      ),
+      second: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.email.claimName',
+      ),
+      third: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.email.value',
+      ),
+    },
+    {
+      id: 'firstName',
+      isRequired: false,
+      first: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.firstName.attribute',
+      ),
+      second: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.firstName.claimName',
+      ),
+      third: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.firstName.value',
+      ),
+    },
+    {
+      id: 'lastName',
+      isRequired: false,
+      first: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.lastName.attribute',
+      ),
+      second: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.lastName.claimName',
+      ),
+      third: localizationKeys(
+        'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.attributeMappingTable.rows.lastName.value',
+      ),
+    },
+  ],
+};
+
+const SamlMicrosoftAttributeMappingStep = (): JSX.Element => {
+  const { goNext, goPrev, isFirstStep, isLastStep } = useWizard();
+
+  return (
+    <>
+      <Step.Body>
+        <Step.Section sx={theme => ({ gap: theme.space.$3 })}>
+          <Heading
+            elementDescriptor={descriptors.configureSSOInstructionsHeading}
+            as='h3'
+            textVariant='subtitle'
+            localizationKey={localizationKeys('configureSSO.configureStep.samlMicrosoft.attributeMappingStep.title')}
+          />
+
+          <AttributeMappingTable config={MICROSOFT_ATTRIBUTE_MAPPING} />
+
+          <Text
+            as='p'
+            colorScheme='secondary'
+            localizationKey={localizationKeys(
+              'configureSSO.configureStep.samlMicrosoft.attributeMappingStep.paragraph',
+            )}
+          />
+
+          <Col
+            elementDescriptor={descriptors.configureSSOInstructionsList}
+            as='ul'
+            sx={theme => ({
+              gap: theme.space.$1x5,
+              margin: 0,
+              paddingInlineStart: theme.space.$5,
+              listStyleType: 'disc',
+            })}
+          >
+            <Text
+              elementDescriptor={descriptors.configureSSOInstructionsListItem}
+              as='li'
+              colorScheme='secondary'
+              localizationKey={localizationKeys('configureSSO.configureStep.samlMicrosoft.attributeMappingStep.step1')}
+            />
+            <Text
+              elementDescriptor={descriptors.configureSSOInstructionsListItem}
+              as='li'
+              colorScheme='secondary'
+              localizationKey={localizationKeys('configureSSO.configureStep.samlMicrosoft.attributeMappingStep.step2')}
+            />
+            <Text
+              elementDescriptor={descriptors.configureSSOInstructionsListItem}
+              as='li'
+              colorScheme='secondary'
+              localizationKey={localizationKeys('configureSSO.configureStep.samlMicrosoft.attributeMappingStep.step3')}
+            />
+          </Col>
+        </Step.Section>
+      </Step.Body>
+
+      <Step.Footer>
+        <Step.Footer.Previous
+          onClick={() => goPrev()}
+          isDisabled={isFirstStep}
+        />
+        <Step.Footer.Continue
+          onClick={() => goNext()}
+          isDisabled={isLastStep}
+        />
+      </Step.Footer>
+    </>
+  );
+};
+
 const MICROSOFT_SAML_IDP_MODES = ['metadataUrl', 'manual'] as const satisfies readonly IdpConfigurationMode[];
 
 const SamlMicrosoftIdentityProviderMetadataStep = (): JSX.Element => {
diff --git a/packages/ui/src/components/ConfigureSSO/steps/ConfigureStep/saml/shared/AttributeMappingTable.tsx b/packages/ui/src/components/ConfigureSSO/steps/ConfigureStep/saml/shared/AttributeMappingTable.tsx
