Configure External ID for users
Customer Identity and Access Management (CIAM) platforms often rely on directories or external identity providers that use their own unique user identifiers, such as UUIDs. While not visible to end users, these identifiers are required for integrations like OIDC, SAML, and SCIM to reliably identify users across customer-managed systems.
IDaaS supports this use case with an optional External ID system attribute. This attribute stores a stable, globally unique identifier from an external source and can be set through any of the following mechanisms:
- Directory synchronization – Mapping an existing directory attribute to the External ID field during sync operations.
- Identity Provider authentication – Injecting the External ID value from an IDP‑issued claim during inbound authentication flows.
- Administrative API assignment – Writing the External ID directly via the IDaaS Admin API for programmatic or out‑of‑band system integrations.
Once assigned, the External ID remains permanently associated with the IDaaS user and can be retrieved through the Admin API, a SAML attribute, or an OIDC claim, allowing downstream systems to consistently reference the same user across integrations.
Usage Example
The following example demonstrates how to set the External ID for a user through directory synchronization and return it to a SAML banking application.
Phases
Phase 1: Directory Synchronization
- The External ID is read from the Corporate Directory (AD/LDAP)
- The Directory Sync Agent maps the bankingId attribute to the External ID field
- IDaaS stores the External ID (e.g., "a1b2c3d4-e5f6-7890") with the user profile
Phase 2: SAML Authentication
- User accesses the Banking Application, triggering SAML authentication
- IDaaS authenticates the user and retrieves their profile including the External ID
- The SAML response includes the External ID as a claim
- Banking Application uses the External ID for user lookup and provisioning
Phase 3: Payment Processing
- User initiates a payment transaction in the Banking Application
- Banking Application calls the Payment Application API, passing the External ID
- Payment Application validates the user and retrieves their payment profile using the External ID as the lookup key
- Transaction details are returned and displayed to the user
This complete flow demonstrates how the External ID serves as a consistent, immutable identifier that enables seamless integration across multiple systems in a banking environment.
Configuration
Directories
For the Corporate Directory, in Attribute Mapping, associate the directory bankingId attribute with the IDaaS External ID attribute.
Applications
For the Banking Application (SAML SP), in SAML Settings, SAML Attributes, add a SAML External ID attribute mapped to the IDaaS External ID attribute.
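The following added example (not IDaaS or vendor code) sketches how a service provider such as the Banking Application could consume the attribute in Phase 2: it accepts exactly one External ID value and keys user lookup and provisioning on that value alone. The attribute name `externalId`, the `email` attribute, the in-memory `accounts` store and the function names are assumptions, and the assertion is assumed to have already passed signature, audience and validity checks in the SP's SAML library.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXTERNAL_ID_ATTR = "externalId"  # assumption: the name chosen under SAML Attributes

# Constructed sample: the AttributeStatement of an assertion that the SP's SAML
# library has already verified (signature, audience, validity window).
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="externalId">
    <saml:AttributeValue>a1b2c3d4-e5f6-7890</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def extract_external_id(statement_xml, attr_name=EXTERNAL_ID_ATTR):
    """Return the single External ID value, or raise ValueError."""
    root = ET.fromstring(statement_xml)
    values = [
        (v.text or "").strip()
        for a in root.findall("saml:Attribute", SAML_NS)
        if a.get("Name") == attr_name
        for v in a.findall("saml:AttributeValue", SAML_NS)
    ]
    # Reject missing, duplicated or empty values instead of silently picking one.
    if len(values) != 1 or not values[0]:
        raise ValueError(f"expected exactly one non-empty {attr_name!r} value")
    return values[0]


def find_or_provision(accounts, statement_xml):
    """Look up the local account by External ID only; provision if unseen."""
    ext_id = extract_external_id(statement_xml)
    if ext_id not in accounts:
        # No fallback to email or display name: those can change or be reused,
        # while the External ID stays bound to the same IDaaS user.
        accounts[ext_id] = {"external_id": ext_id, "provisioned": True}
    return accounts[ext_id]
```
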