Knowledge Drop

Pairing IdP Attributes with Looker User Attributes

Userlevel 5

Last tested: Oct 3, 2019

You can pair IdP attributes to Looker user attributes in order to get user-specific settings into Looker (for example if you're using a parametrized connection or access grants). This can be helpful if you already have attributes set in IdP that you want to use in Looker, or would prefer to set permissions like this in IdP rather than Looker, so the IdP can act as the single source of role truth.


For example, you might have a SAML attribute set in your IdP for department which takes on the values finance, sales, or marketing. In Looker, you may require only the finance department to see the payroll values of the organization.

In order to make oversight of this user attribute more seamless, you can map a Looker user attribute to the department SAML attribute. Here are the steps:

  1. Create a new user attribute in Looker. (If you have an existing user attribute in Looker that you want to map to the SAML attribute, then you can skip this step!)
    1. In this example, we'll create a user attribute called dept . The options for "User Access" and "Hide Values" are not important.
  2. Pair the SAML user attribute to the Looker user attribute. When we're done, this example should look like this (in the Admin > SAML settings page):
    Screen Shot 2019-10-28 at 12.02.44 PM.png


This content is subject to limited support.                



0 replies

Be the first to reply!