When a user signs in to WCM with SAML, the Identity Provider authenticates them and returns a SAML assertion — WCM creates the account if it doesn't exist, or opens a session if it does.
💡Quick answers
- How does SAML authentication work? The user signs in, the IdP (ADFS or Azure) authenticates them, and if successful sends a SAML assertion to WCM — which either creates the account or establishes a session.
- What user data is included in the assertion? First Name, Last Name, Email, Username, Phone Number, and Title.
- What happens if the user doesn't exist in WCM yet? WCM automatically creates the account from the assertion data, then establishes the session.
- Does WCM import groups from ADFS via SAML? No — groups are not imported. New account creation can optionally be disabled for users managed via Universal Connector or manual methods.
When a user attempts to sign in to Web Community Manager using SAML technology, that user is authenticated by your Identity Provider (IdP).
When a user is authenticated with the IdP, the district returns a successful SAML assertion with First Name, Last Name, Email, Username, Phone Number and Title.
- If the user exists, the Web Community Manager only establishes a session.
- If the user does not exist, WCM creates the user based on the assertion metadata and then establishes a session.
* WCM doesn't bring over groups from ADFS. Optionally, if users are created or managed another way (for example, Universal Connector or Manually), new account creation can be disabled
