Introduction

This page describes a process for adding external group mapping.

...

From the user menu, select Manage System Security.

...

Step 3. Edit realm Identity Providers

...

Open realm Identity Providers

...

Select the configured ADFS/OpenID/SSO provider

Once a provider is selected, go to the Mappers tab and select the Create button to add a new mapping.

...

Step 4. Add new mapping

Add new mapping as shown below:

  • Fill in the name: this can be any "friendly name" that will later help you understand what the mapping is for

  • Select mapper type: SAML Attribute to Role

  • Type in the Attribute name: this is the attribute that will be emitted from ADFS. This is just an example and might be different on your ADFS instance, but in most cases it will be:

  • Type in the Attribute Value: a group name that is emitted from ADFS

  • Select a value from the available Roles/Groups/Permissions using the Select Role button.

Note: a mapping can be made to a group (recommended) or directly to a permission or permission set, but in that case it will be harder to track and manage permissions.


Useful information

  • Group names can differ across systems. The original system can have a group "Accounting" that is emitted as "FMA Users" and mapped in the system to "Users".

  • Any group can be used for mapping; it can also include "local" users.

  • External users are resolved at run time (during login) and members might not be displayed correctly. Current user membership will be checked at every login.
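The sketch below is an added example, not code from the product this page documents. It models how a "SAML Attribute to Role" mapping resolves an emitted group such as "FMA Users" to the local group "Users" on each login. The attribute name `urn:example:claims:group`, the mapper names, the sample assertion and the exact, case-sensitive comparison are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "urn:example:claims:group"  # placeholder, not a real ADFS claim name

# Constructed mapper rules mirroring the form fields: friendly name,
# attribute name, attribute value (emitted group), and local group.
MAPPERS = [
    {"name": "adfs-fma-users", "attribute": GROUP_ATTR,
     "value": "FMA Users", "group": "Users"},
    {"name": "adfs-fma-auditors", "attribute": GROUP_ATTR,
     "value": "FMA Auditors", "group": "Auditors"},
]

# Constructed assertion fragment; signature validation is assumed to have
# happened before this point and is out of scope here.
SAMPLE_ASSERTION = f"""<saml:AttributeStatement xmlns:saml="{NS['saml']}">
  <saml:Attribute Name="{GROUP_ATTR}">
    <saml:AttributeValue>FMA Users</saml:AttributeValue>
    <saml:AttributeValue>Domain Users</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def emitted_attributes(assertion_xml):
    """Return {attribute name: set of values} from the assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = {v.text.strip()
                  for v in attr.iterfind("saml:AttributeValue", NS) if v.text}
        attrs.setdefault(attr.get("Name"), set()).update(values)
    return attrs

def resolve_groups(assertion_xml, mappers=MAPPERS):
    """Local groups granted for this login only; nothing is carried over."""
    attrs = emitted_attributes(assertion_xml)
    return {m["group"] for m in mappers
            if m["value"] in attrs.get(m["attribute"], set())}

def unmapped_values(assertion_xml, mappers=MAPPERS):
    """Emitted values with no mapper: these grant nothing locally."""
    mapped = {(m["attribute"], m["value"]) for m in mappers}
    return {(n, v) for n, vs in emitted_attributes(assertion_xml).items()
            for v in vs if (n, v) not in mapped}

if __name__ == "__main__":
    print(resolve_groups(SAMPLE_ASSERTION))   # groups for this login
    print(unmapped_values(SAMPLE_ASSERTION))  # emitted but unmapped
```

Listing the unmapped values is a quick way to spot a renamed or misspelled group on the identity provider side before users report missing access.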