From d7e8a0cfd11ef8aab5a35d7e04b42c2414ff2311 Mon Sep 17 00:00:00 2001
From: Stephanie Aurelio <133041642+stephaurelio@users.noreply.github.com>
Date: Thu, 28 Sep 2023 15:18:39 -0700
Subject: [PATCH] Add role, team, and org attributes to SSO attributes table
 (#18295)

* add attributes to table

* add optional tag
---
 layouts/shortcodes/admin-sso.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/layouts/shortcodes/admin-sso.md b/layouts/shortcodes/admin-sso.md
index a69287e4e9..cd7d750cee 100644
--- a/layouts/shortcodes/admin-sso.md
+++ b/layouts/shortcodes/admin-sso.md
@@ -1,11 +1,14 @@
 {{ $product_name := "Docker Hub" }}
 {{ $sso_config_link := "[configuring SSO](/single-sign-on/configure/)" }}
+{{ $role_mapping_link := "[Set up role mapping](docker-hub/scim.md#set-up-role-mapping)" }}
 
 {{ if eq (.Get "product") "admin" }}
 {{ $product_name = "Docker Admin" }}
 {{ $sso_config_link = "[configuring SSO](/admin/organization/security-settings/sso-configuration/)" }}
+{{ $role_mapping_link = "[Set up role mapping](admin/organization/security-settings/scim.md#set-up-role-mapping)" }}
 {{ if eq (.Get "layer") "company" }}
 {{ $sso_config_link = "[configuring SSO](/admin/company/settings/sso-configuration/)" }}
+{{ $role_mapping_link = "[Set up role mapping](admin/company/settings/scim.md#set-up-role-mapping)" }}
 {{ end }}
 {{ end }}
 
@@ -37,13 +40,18 @@ When a user signs in using SSO, Docker obtains the following attributes from the
 - **Full name** - name of the user
 - **Groups (optional)** - list of groups to which the user belongs
 
-If you use SAML for your SSO connection, Docker obtains these attributes from the SAML assertion message. Your IdP may use different naming for SAML attributes than those listed above. The following table lists the possible SAML attributes that can be present in order for your SSO connection to work.
+If you use SAML for your SSO connection, Docker obtains these attributes from the SAML assertion message. Your IdP may use different naming for SAML attributes than those listed above. The following table lists the possible SAML attributes that can be present in order for your SSO connection to work. 
+
+You can also configure attributes to override default values, such as default team or organization. See {{ $role_mapping_link }}.
 
 | SSO attribute | SAML assertion message attributes |
 | ---------------- | ------------------------- |
 | Email address    | `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"`, `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"`, `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"`, `email`                           |
 | Full name        | `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"`, `name`, `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"`, `"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"`  |
 | Groups (optional) | `"http://schemas.xmlsoap.org/claims/Group"`, `"http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"`, `Groups`, `groups` |
+| Docker Org (optional)        | `dockerOrg`   |
+| Docker Team (optional)     | `dockerTeam`  |
+| Docker Role (optional)      | `dockerRole`  |
 
 > **Important**
 >