Secure Mobile Access 12.4 Administration Guide

Sending User Groups to SMA

After configuring the individual user ID, you can also send group details to SMA for group-level management. To do this, add a group claim that sends the list of groups the user is a member of.

To send user groups to SMA, add a group claim.

  1. To add a group claim, navigate to SAML application > Single sign on > Edit User attribute and Claim > Add a group claim.

    This is used to evaluate group membership and provide access to resources; it allows the IdP to share all of the group membership information with SMA in the SAML response.

  2. Select the group (for example, select Security groups) and source attribute (for example, select Group ID) for the group based on your requirements and click Save.

    A group claim named "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" is created.

  3. Copy this group claim name and, in the SMA AMC, enter it in the SAML claim containing user groups field under Authentication Servers > Edit Authentication Server > Identity Provider Configuration. For more information, refer to Configuring a SAML 2.0 Identity Provider Authentication Server.

  4. To use the groups under ACL or Community, you will need to add them under Security Administration > Users & Groups > Mapped Accounts.

    For Azure, you can use the group's Object ID as the Group name in SMA under Users & Groups > Edit Mapped Account.

To configure the group details in AMC, refer to the Adding Users or Groups Manually section.
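
The following added example (not part of the SonicWall guide) checks, for a captured SAML response, which group values arrive in the group claim from step 2 and which of them have no mapped account yet (step 4). It assumes the input is the Base64 SAMLResponse value from the HTTP POST binding; the function names, sample response, and Object IDs are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Claim name created in step 2 and entered in AMC in step 3.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned response with made-up Object IDs.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000001</saml:AttributeValue>
        <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000002</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
MAPPED = ["11111111-aaaa-4bbb-8ccc-000000000001"]  # constructed mapped account name


def groups_in_response(saml_response_b64, claim=GROUPS_CLAIM):
    """Return the group values carried in the given claim of a SAML response.

    Inspection only: the signature is NOT validated here, so use this on
    responses captured from your own IdP while troubleshooting.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    groups = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim:
            for value in attr.iterfind("saml:AttributeValue", NS):
                groups.append((value.text or "").strip())
    return groups


def unmapped_groups(saml_response_b64, mapped_names):
    """Groups sent by the IdP that have no mapped account of the same name."""
    mapped = set(mapped_names)  # exact string match, as an assumption
    return [g for g in groups_in_response(saml_response_b64) if g not in mapped]


if __name__ == "__main__":
    print("groups sent:", groups_in_response(SAMPLE_B64))
    print("not mapped in SMA:", unmapped_groups(SAMPLE_B64, MAPPED))
```

An empty result from groups_in_response means the response does not carry the claim name entered in step 3, which is the first thing to check when group-based access rules do not match.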
