Create Virtual groups for SAML

You can create Virtual groups in four different ways:

  • Everyone logged in via SAML
  • Groups
  • E-mail address (single user)
  • E-mail address (all)

Everyone logged in via SAML

As a first test when setting up SAML, it's a good idea to add everyone who logs in via SAML and then try logging in. Enter SAML in uppercase as the Id so that the Virtual group consists of everyone who logs in via SAML.

Add group for SAML

Groups

Giving entire groups in the directory service access through Virtual groups is straightforward. This allows you to assign permissions to a page or structure to all users in the group.

Fill in the names of the attribute values for the attribute that you set as group attribute in the SAML2 login module. For example, if the group attribute name is groups, use what is under AttributeValue.

The example below shows a SAML ticket with two group names: SVeconomyEditors and SVadmin.

<saml:Attribute Name="groups">
<AttributeValue>SVeconomyEditors</AttributeValue>
<AttributeValue>SVadmin</AttributeValue>
</saml:Attribute>

Group name

It is important to specify the EXACT name of the group attribute value.
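The following diagnostic is an added example, not part of Sitevision or its documentation: it lists the raw group values in a captured attribute statement and compares them with the Ids you plan to enter, flagging values that differ only in case or surrounding whitespace. It assumes that EXACT means plain string equality and that the group attribute is named groups; the sample XML and the Ids SVnews and SVhr are constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: one value matches, one differs in letter case,
# one carries stray whitespace. Not taken from a real identity provider.
SAMPLE = f"""
<saml:AttributeStatement xmlns:saml="{SAML_NS}">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>SVeconomyEditors</saml:AttributeValue>
    <saml:AttributeValue>svadmin</saml:AttributeValue>
    <saml:AttributeValue> SVnews </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def group_values(xml_text, attribute_name="groups"):
    """Return the raw AttributeValue strings of the named attribute."""
    # Offline diagnostic only: run it on an assertion you captured yourself.
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") != attribute_name:
            continue
        for val in attr.iter():
            # Accept prefixed and unprefixed AttributeValue elements.
            if val.tag.rsplit("}", 1)[-1] == "AttributeValue":
                values.append(val.text or "")
    return values

def check_ids(configured_ids, sent_values):
    """Classify each configured Id as 'exact', 'near-miss' or 'missing'."""
    report = {}
    for cid in configured_ids:
        if cid in sent_values:  # assumption: EXACT means string equality
            report[cid] = ("exact", cid)
            continue
        near = [v for v in sent_values
                if v.strip().lower() == cid.strip().lower()]
        report[cid] = ("near-miss", near[0]) if near else ("missing", None)
    return report

if __name__ == "__main__":
    planned = ["SVeconomyEditors", "SVadmin", "SVnews", "SVhr"]
    for cid, (status, value) in check_ids(planned, group_values(SAMPLE)).items():
        print(f"{cid!r}: {status} {value!r}")
```

A near-miss means the directory service sends a value that looks like the Id but is not identical to it, so the Id should be corrected to the value exactly as sent.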

E-mail address (single user)

You can use an e-mail address to create a Virtual group for a single user.

Enter an e-mail address in the Id field.

Group for a single e-mail address

E-mail address (all)

You can use the domain in an e-mail address to create a Virtual group based on all users whose e-mail address belongs to a specific domain.

Type the part of the address after @ (the domain) as the Id so that all users with an address in that domain are associated with the Virtual group.

For anyone with an e-mail address within a particular domain

help.sitevision.se always refers to the latest version of Sitevision