
Configuration for Consumer SSO

Identity Provider Configuration

Issuer Entity ID

URL that uniquely identifies your SAML identity provider. Please provide this value to your Blend project contact. The <saml:Issuer> element of every SAML assertion sent to Blend must match this value.

<saml:Issuer>{issuer}</saml:Issuer>

Required User Settings

| Attribute | Data Type | Description |
| --- | --- | --- |
| NameID | string | A unique, pseudo-random identifier for the user that will not change over time, like a user ID number. |
| email | string | A verified email of the user signing in. |

Example SAML Assertions

<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">fba8456a-4d96-4a3d-8b6d-567ad6dbb753</saml2:NameID>
</saml2:Subject>
<saml:AttributeStatement>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[email protected]</saml:AttributeValue>
    </saml:Attribute>
    ...
</saml:AttributeStatement>

Optional User Attributes

| Attribute | Data Type | Description |
| --- | --- | --- |
| referrerID | string | Ensures the information included in a Blend Referral Link is passed through the SAML authentication. |
| originationType | enum: MORTGAGE, HELOC, HELOAN, AUTO, PERSONAL_LOAN, SPECIALTY_VEHICLE, PERSONAL_LOC, ACCOUNT_OPENING, CONFIGURABLE_PRODUCT | Sets the appropriate application template for the user. |
| firstName | string | The SSO user's first name. |
| lastName | string | The SSO user's last name. |
| ssn | string | The SSO user's Social Security Number, e.g. 001010001 (numbers only, no dashes). |
| dateOfBirth | string | The SSO user's date of birth, e.g. 01/01/1990. |
| primaryPhone | none | The SSO user's primary phone number. Blend collects a single contact number. |
| physicalAddressStreet | string | The SSO user's current physical street address. This should be a physical address, not a PO Box used for mailing purposes. |
| physicalAddressCity | string | The city associated with the SSO user's current physical street address. |
| physicalAddressState | string | The state associated with the SSO user's current physical street address. |
| physicalAddressZip | string | The 5-digit zip code associated with the SSO user's current physical street address. |
| physicalAddressCountry | string | The 2-letter ISO country code associated with the SSO user's current physical street address. This value must be US. |
| appSource | string | The name of the LOS or CRM that the application was imported from. |
| applicationTemplateId | string | The identifier for the program that the party is applying for. |
| communityId | string | The community identifier of the applicant's residence. |
| authToken* | string | An authorization token Blend can use to retrieve additional information regarding the SSO user from your APIs, such as their bank accounts data. Typically this is an OAuth token which authorizes Blend to access your APIs on behalf of the SSO user. |

* The authToken supports Blend functionality not in scope of a Consumer SSO implementation. If you are implementing Consumer SSO, you can safely ignore this field.

Omitted/Malformed Attribute Behavior

Blend ignores omitted or malformed attributes

Specify your user attributes in the assertion's attribute statement.

<saml:AttributeStatement>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[email protected]</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="referrerId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[email protected]</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">FirstName</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">LastName</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="primaryPhone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">5558675309</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="physicalAddressStreet" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">415 Kearny St</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="physicalAddressCity" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">San Francisco</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="physicalAddressState" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">CA</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="physicalAddressZip" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">94108</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="physicalAddressCountry" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">US</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="authToken" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">f69b392f-baa7-4715-a91e-58957dd1055d</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="app_source" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">MARKETING_VALUE</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="applicationtemplateid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">efkjhefvjkv987-fr09u3fb-c3riuhjbrf</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="comid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">GARDENS</saml:AttributeValue>
    </saml:Attribute>
</saml:AttributeStatement>

Errors

If any required parameters are missing or invalid, the authentication request will fail.
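
Because malformed optional attributes are ignored rather than rejected, a formatting mistake on the identity provider side produces no error. The following check is an added example, not Blend's code: it lints an assertion before it is sent, separating problems that fail sign-in from values that would be silently dropped. The function name, issuer URL and sample values are constructed, and the format rules are an assumption read off the attribute descriptions above, not Blend's documented validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ORIGINATION_TYPES = {"MORTGAGE", "HELOC", "HELOAN", "AUTO", "PERSONAL_LOAN",
                     "SPECIALTY_VEHICLE", "PERSONAL_LOC", "ACCOUNT_OPENING",
                     "CONFIGURABLE_PRODUCT"}
# Assumed format rules, derived from the attribute tables on this page.
OPTIONAL_RULES = {
    "originationType": lambda v: v in ORIGINATION_TYPES,
    "ssn": lambda v: re.fullmatch(r"\d{9}", v) is not None,
    "dateOfBirth": lambda v: re.fullmatch(r"\d{2}/\d{2}/\d{4}", v) is not None,
    "physicalAddressZip": lambda v: re.fullmatch(r"\d{5}", v) is not None,
    "physicalAddressCountry": lambda v: v == "US",
}

def lint_assertion(xml_text, expected_issuer):
    """Return (errors, warnings): errors fail sign-in, warnings would be ignored."""
    root = ET.fromstring(xml_text)  # expects your own IdP's <Assertion> as the root
    errors, warnings = [], []
    issuer = root.findtext("a:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        errors.append("Issuer does not match the registered entity ID")
    if not root.findtext("a:Subject/a:NameID", default="", namespaces=NS).strip():
        errors.append("NameID missing")
    attrs = {}
    for attr in root.iterfind("a:AttributeStatement/a:Attribute", NS):
        value = attr.findtext("a:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = value.strip()
    if not attrs.get("email"):
        errors.append("email missing")
    for name, is_valid in OPTIONAL_RULES.items():
        if name in attrs and not is_valid(attrs[name]):
            warnings.append(name)
    return errors, sorted(warnings)

# Constructed sample assertion: ssn contains dashes, country is not "US".
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject><saml:NameID>fba8456a-4d96-4a3d-8b6d-567ad6dbb753</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="ssn"><saml:AttributeValue>001-01-0001</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="physicalAddressCountry"><saml:AttributeValue>USA</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(lint_assertion(SAMPLE, "https://idp.example.com/saml"))
```

Running this in the identity provider's test pipeline surfaces dropped fields such as a dashed SSN, which would otherwise only show up as missing data in the application.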