The Env Organizational Identity Source Plugin is designed to pull attributes from environment variables, generally populated by web server authentication modules.


Org Identity Source ModeSupport
Manual Search and LinkingNot supported
Enrollment, AuthenticatedSupported
Enrollment, ClaimNot supported
Enrollment, SearchNot supported
Enrollment, SelectNot supported

Org Identity Sync ModeSupport
FullNot supported
QueryNot supported
UpdateNot supported
ManualNot supported


Each environment variable must be mapped to the appropriate data element to populate using the value made available in that variable.

Deployers using mod_auth_openidc for authentication must adjust the names of expected environment variables.

Duplicate Handling

Registry v4.1.0 adds duplicate handling capabilities when EnvSource is used as an Enrollment Source. There are three available modes:

When duplicate conditions are detected, the Petition is automatically flagged as duplicate and the enrollment terminates. The Petition is not linked to a CO Person.

Redirect on Duplicate URL may be specified to send the Petitioner to a page or destination with more information.

You may need to adjust the configuration of your web server authentication module, e.g. the Shibboleth SP, to ensure that the attributes for the authenticated user are put into the environment so that they can be consumed by Env Source. You may want to review the section "Integrate Web Server Authentication" at Registry Installation - Source.

Multi Value SAML Attributes Handling

Registry v4.3.0 adds multi-value SAML attributes parsing capabilities when EnvSource is used as  an Enrollment Source. There are three available modes:

Currently only multi-value email attributes are supported

See Also