Question

Assigning Employees to new Branch based on 2 SAML user provisioning fields

  • May 1, 2026

Hello, 
We are setting up a new extended enterprise for Company 2 in our organization. That means we have set up our new Branch and we want all employees with @company2.com in their email to be directed into this Branch when they SSO. The problem comes from the branch code.

Our current setup is that the MS Entra field Location is being used as the Branch Code. But Company 2 has the same locations as Company 1, so we cannot reuse the branch code and have the same hierarchy (example: Company1 / Vancouver, Company2 / Vancouver).

Given our company structure, we are not able to modify the fields in Entra. Is there a way in the SAML settings to concatenate the attributes together for the branch code, so that for example we can have Company + Location as the branch code?

2 replies

lrnlab
Hero III
  • May 4, 2026

Hello, pretty sure the SAML app cannot transform or change the data coming from Entra, so your only options would be to manually move them to the other branch or look at some other tools like Connect or the automation app to handle these types of changes. You will certainly need another data point in the user profiles to differentiate users in company 1 vs. company 2.


Moshe.Machlav
Helper III

Hello @hnakasone!

To answer your question directly: Docebo's native SAML configuration strictly supports 1:1 attribute mapping. There is no built-in feature to concatenate or transform attributes directly within Docebo's SAML settings.

However, before looking at a full integration solution, I'd highly recommend checking if your IT team can handle this via Claims Transformation in MS Entra ID. Even if the underlying user profiles and fields in Entra cannot be modified, the Entra administrator can set up a SAML claim specifically for the Docebo application that concatenates two existing attributes (using a Join() transformation, e.g., combining Company Name and Location). Docebo will then simply read this custom claim as a single Branch Code.

If the Entra side is completely locked down and you absolutely must solve this on the Docebo side, an integration via Docebo Connect is your best route.

When I've deployed this for organizations with strict, locked-down IT environments, the pattern that holds up best is:

  1. Staging Branch: Configure your Docebo SAML provisioning to drop all incoming users into a default "Staging" or "Onboarding" branch.

  2. Docebo Connect Recipe: Create a workflow that triggers on the "New User Created" (and optionally "User Updated") event.

  3. Routing Logic: The recipe evaluates the user's email domain (@company2.com) and their mapped Location field, computes the correct concatenated branch code in the background, and uses the Docebo API to immediately move the user into the exact Extended Enterprise branch.

Handling it via Entra Claims Transformation is much cleaner, but Docebo Connect will absolutely get the job done if IT can't assist.

For reference on the exact fields supported for SAML mapping, you can check the official documentation here: Docebo for SAML - Smart and Standard configuration – Docebo Help Center

Let me know if you need pointers on the Docebo Connect recipe setup!
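The routing logic from step 3 of the answer above, as an added example that is not part of the original post and is not Docebo Connect or Docebo API code. The `DOMAIN_TO_COMPANY` mapping, the `STAGING` branch code and the `COMPANY-LOCATION` code format are assumptions; the point is that the email domain is matched exactly and anything unrecognised stays in the staging branch.

```python
import re

# Assumed values for illustration; replace with your own branch codes.
STAGING_BRANCH = "STAGING"          # default landing branch from step 1
DOMAIN_TO_COMPANY = {               # constructed sample mapping
    "company1.com": "COMPANY1",
    "company2.com": "COMPANY2",
}

def email_domain(email):
    """Return the lower-cased domain, or None if the address is malformed."""
    if not isinstance(email, str):
        return None
    local, sep, domain = email.strip().rpartition("@")
    # Fail closed on a missing '@', an empty part, or more than one '@'.
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.lower().rstrip(".")

def normalize_location(location):
    """Upper-case the location and collapse non-alphanumeric runs to '-'."""
    if not isinstance(location, str):
        return None
    code = re.sub(r"[^A-Za-z0-9]+", "-", location.strip()).strip("-").upper()
    return code or None

def target_branch(email, location):
    """Compute Company + Location; keep the user in staging if unsure."""
    # Exact dictionary lookup: 'company2.com.example.net' does not match.
    company = DOMAIN_TO_COMPANY.get(email_domain(email))
    loc = normalize_location(location)
    if company is None or loc is None:
        return STAGING_BRANCH
    return f"{company}-{loc}"

# Constructed sample users (email, Location attribute from SAML).
SAMPLE_USERS = [
    ("alice@company1.com", "Vancouver"),
    ("bob@Company2.com", " Vancouver "),
    ("eve@company2.com.example.net", "Vancouver"),   # look-alike domain
    ("carol@company2.com", ""),                      # missing location
]

if __name__ == "__main__":
    for email, loc in SAMPLE_USERS:
        print(f"{email!r:40} -> {target_branch(email, loc)}")
```

Users left in the staging branch by this logic are the ones to review by hand, since their domain or location did not match a known value.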