How do I configure advanced SAML settings (JIT User Provisioning, Mappings) in Sugar?

Question

I received the above question recently and I had to do some research to get the answer, so I'm just going to share it here.

Is there a configuration within Sugar 7 that would:
Prevent SAML JIT Provisioning
If/When using SAML JIT Provisioning, not to create a new user when an existing user can be located
Mapping of attributes

Matt Marum · Accepted Answer

We use a PHP library from OneLogin in order to support SAML in Sugar 7. This is stored under the vendor/onelogin/ directory.

There’s only a couple of SAML settings that can be configured directly via Sugar Config. These are documented in the Developer Guide

http://support.sugarcrm.com/02_Documentation/04_Sugar_Developer/Sugar_Developer_Guide_7.6/70_API/Cla...

For additional settings, it requires some code customizations in order to change default behaviors used with the OneLogin library such as JIT (Just In Time) provisioning and attribute mappings. You can set your Sugar application log level to DEBUG and you’ll see more details on what’s going on during user provisioning in the sugarcrm.log file.

The settings file that is used by Sugar SAML implementation is located at modules/Users/authentication/SAMLAuthenticate/settings.php

If you wanted to customize it, you’d need to copy that file, make your customizations, and place it at custom/modules/Users/authentication/SAMLAuthenticate/settings.php

OneLogin whitepaper on SugarCRML SAML for reference.

http://resources.onelogin.com/d/PFpwD/DG-OneLogin-for-SugarCRM

App Ecosystem @ SugarCRM