Configuration for Consumer SSO
Identity Provider Configuration
Issuer Entity ID
URL that uniquely identifies your SAML identity provider. Please provide this value to your Blend project contact. The <saml:Issuer> element of every SAML assertion sent to Blend must match this value.
<saml:Issuer>{issuer}</saml:Issuer>
Required User Settings
Attribute | Data Type | Description |
---|---|---|
NameID | string | A unique, pseudo-random identifier for the user that will not change over time — like a user ID number. |
email | string | A verified email of the user signing in. |
Example SAML Assertions
<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">fba8456a-4d96-4a3d-8b6d-567ad6dbb753</saml2:NameID>
</saml2:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[email protected]</saml:AttributeValue>
</saml:Attribute>
...
</saml:AttributeStatement>
Optional User Attributes
Attribute | Data Type | Description |
---|---|---|
referrerID | string | Ensures the information included in a Blend Referral Link is effectively passed through the SAML authentication. |
originationType | enum: MORTGAGE, HELOC, HELOAN, AUTO, PERSONAL_LOAN, SPECIALTY_VEHICLE, PERSONAL_LOC, ACCOUNT_OPENING, CONFIGURABLE_PRODUCTS | Sets the appropriate application template for the user. |
firstName | string | The SSO user's first name. |
lastName | string | The SSO user's last name. |
ssn | string | The SSO user's Social Security Number, e.g. 001010001 (numbers only, no dashes). |
dateOfBirth | string | The SSO user's date of birth, e.g. 01/01/1990. |
primaryPhone | none | The SSO user's primary phone number. Blend collects a single contact number. |
physicalAddressStreet | string | The SSO user's current physical street address. This should be a physical address, not a PO Box used for mailing purposes. |
physicalAddressCity | string | The city associated with the SSO user's current physical street address. |
physicalAddressState | string | The state associated with the SSO user's current physical street address. |
physicalAddressZip | string | The 5 digit zip code associated with the SSO user's current physical street address. |
physicalAddressCountry | string | The 2 digit ISO country code associated with the SSO user's current physical street address. This value must be US. |
appSource | string | The name of the LOS or CRM that the application was imported from |
applicationTemplateId | string | The identifier for the program that the party is applying for |
communityId | string | The community identifier of the applicant's residence |
authToken * | string | An authorization token Blend can use to retrieve additional information regarding the SSO user from your APIs, such as their bank accounts data. Typically this is an OAuth token which authorizes Blend to access your APIs on behalf of the SSO user. |
\* The authToken supports Blend functionality not in scope of a Consumer SSO implementation. If you are implementing Consumer SSO, you can safely ignore this field.
Omitted/Malformed Attribute Behavior
Blend ignores omitted or malformed attributes.
Specify your user attributes in the assertion's attribute statement.
<saml:AttributeStatement>
<saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="referrerId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">FirstName</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">LastName</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="primaryPhone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">5558675309</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="physicalAddressStreet" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">415 Kearny St</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="physicalAddressCity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">San Francisco</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="physicalAddressState" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">CA</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="physicalAddressZip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">94108</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="physicalAddressCountry" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">US</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="authToken" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">f69b392f-baa7-4715-a91e-58957dd1055d</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="app_source" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">MARKETING_VALUE</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="applicationtemplateid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">efkjhefvjkv987-fr09u3fb-c3riuhjbrf</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="comid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">GARDENS</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
Errors
If any required parameters are missing or invalid, the authentication request will fail.
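Because optional attributes that are omitted or malformed are ignored rather than rejected, a mistake on the identity provider side produces no error on sign-in. The following pre-flight check is an added example, not Blend's code: it lints an attribute statement against the tables above before you send it. The regexes, the function name `lint_attribute_statement`, and the assumption that attribute names must match the tables' spelling exactly are this example's own.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ORIGINATION_TYPES = ("MORTGAGE|HELOC|HELOAN|AUTO|PERSONAL_LOAN|SPECIALTY_VEHICLE"
                     "|PERSONAL_LOC|ACCOUNT_OPENING|CONFIGURABLE_PRODUCTS")
# Value formats as read from the attribute tables; the regexes are this example's interpretation.
RULES = {
    "email": r"[^@\s]+@[^@\s]+\.[^@\s]+",
    "originationType": ORIGINATION_TYPES,
    "ssn": r"\d{9}",                      # numbers only, no dashes
    "dateOfBirth": r"\d{2}/\d{2}/\d{4}",  # e.g. 01/01/1990
    "physicalAddressZip": r"\d{5}",
    "physicalAddressCountry": r"US",
}
DOCUMENTED = set(RULES) | {
    "referrerID", "firstName", "lastName", "primaryPhone", "physicalAddressStreet",
    "physicalAddressCity", "physicalAddressState", "appSource",
    "applicationTemplateId", "communityId", "authToken"}

def lint_attribute_statement(xml_text):
    """Return sorted (attribute name, problem) pairs. Values are never echoed,
    because ssn and authToken must not end up in logs."""
    # Input is your own IdP's test output, not untrusted XML from the network.
    root = ET.fromstring(xml_text)
    findings, seen = [], set()
    for attr in root.iter(f"{{{NS}}}Attribute"):
        name = attr.get("Name", "")
        value = (attr.findtext(f"{{{NS}}}AttributeValue") or "").strip()
        seen.add(name)
        if name not in DOCUMENTED:
            findings.append((name, "name not in the attribute tables"))
        elif name in RULES and not re.fullmatch(RULES[name], value):
            findings.append((name, "malformed value"))
    if "email" not in seen:
        findings.append(("email", "required attribute missing"))
    return sorted(findings)

# Constructed sample: dashed ssn, three-letter country code, one misspelled name.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="originationType"><saml:AttributeValue>HELOC</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="ssn"><saml:AttributeValue>001-01-0001</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="physicalAddressCountry"><saml:AttributeValue>USA</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="dob"><saml:AttributeValue>01/01/1990</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    for name, problem in lint_attribute_statement(SAMPLE):
        print(f"{name}: {problem}")
```

The check covers the attribute statement only; the NameID in the assertion's Subject is outside its scope.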