Create IdP group mapping

As an administrator, you can create Identity Provider (IdP) group mappings to determine the Control Room roles and licenses to be assigned for automatic user account provisioning.

Prerequisites

  • Ensure that the IdP administrator has configured the Control Room as a single sign-on (SSO) application and updated details such as IdP entity ID, service provider entity ID, Assertion Consumer Service (ACS) URL, user attributes, group attributes, and so on, on their IdP portal.
  • The IdP group attributes must be set to SecurityGroups in the IdP portal so that the Control Room can use this as the key to identify the group information in the SAML assertion.
  • Ensure that the IdP administrator has configured the user groups in their IdP whose users need be automatically provisioned in the Control Room.

Procedure

  1. Navigate to Administration > Roles.
  2. Click the IdP group mapping tab.
  3. Click the plus (+) icon to create IdP group mapping.
  4. Enter the IdP group name/SID.
    Note:
    • Ensure that you provide the IdP group name/SID exactly the same name as the user group or SID created in your IdP.
    • Some IdPs might use SID instead of the group name in the SAML assertion. For such IdPs, ensure that you provide the SID as the IdP group name.
    • Some IdPs use filters to identify the groups that a user belongs to and such filters are used in the SAML assertion to identify the user. Therefore, note that the SAML assertion might not include all the groups that the user belongs to.
  5. Optional: Enter a description.
  6. Disable or enable the mapping for automatic user account provisioning option. When this option is disabled, users must be manually provisioned.
    Note: Enabling this option ensures that new users are automatically added to the Control Room. However, users are not removed from the Control Room after they are automatically added.
  7. Select the roles that you want to assign to this group mapping.
  8. Select the licenses that you want to assign to this group mapping.
  9. Click Create Mapping.

Next steps