## Identity Provider Configuration
## Issuer Entity ID
URL that uniquely identifies your SAML identity provider. Please provide this value to your Blend project contact. SAML assertions sent to Blend must match this value in the
<saml:Issuer>` attribute of SAML assertions.
## Required User Settings
|`||string||A unique, pseudo-random identifier for the user that will not change over time — like a user ID number.|
|`||string||A verified email of the user signing in.|
### Example SAML Assertions
## Optional User Attributes
|`||string||Ensures the information included in a [Blend Referral](🔗) Link is effectively passed through the SAML authentication.|
|`||enum: `||Sets the appropriate application template for the user.|
|`||string||The SSO user's first name.|
|`||string||The SSO user's last name.|
|`||none||The SSO user's primary phone number. Blend collects a single contact number.|
|physicalAddressStreet`||string||The SSO user's current physical street address. This should be a physical address, not a PO Box used for mailing purposes.|
|`||string||The city associated with the SSO user's current physical street address.|
|`||string||The state associated with the SSO user's current physical street address.|
|`||string||The 5 digit zip code associated with the SSO user's current physical street address.|
|`||string||The 2 digit ISO country code associated with the SSO user's current physical street address. This value must be `|
|`||string||An authorization token Blend can use to retrieve additional information regarding the SSO user from your APIs, such as their bank accounts data. Typically this is an OAuth token which authorizes Blend to access your APIs on behalf of the SSO user.|
authToken` supports Blend functionality not in scope of a Consumer SSO implementation. If you are implementing Consumer SSO, you can safely ignore this field.
Omitted/Malformed Attribute Behavior
Blend ignores omitted or malformed attributes
### Specify your user attributes in the assertion's attribute statement.
If any required parameters are missing or invalid, the authentication request will fail.