Create Virtual groups for SAML
You can create virtual groups in a four different ways:
- Everyone logged in via SAML
- Groups
- E-mail address (single user)
- E-mail address (all)
Everyone logged in via SAML
As a first test when setting up SAML settings, it's a good idea to add all logged-in users via SAML and try logging in. Enter SAML in uppercase so the ID for the Virtual group consists of all people who log in Via SAML.

Groups
Giving entire groups in the directory service access through Virtual groups is straightforward. This allows you to assign permissions to a page or structure to all users in the group.
Fill in the names of the attribute values for the attribute that you set as group attribute in the SAML2 login module. For example, if the group attribute name is groups, use what is under AttributeValue.
The example below shows a SAML-ticket with 2 group names; SVeconomyEditors and SVadmin.
<saml:Attribute Name="groups">
<AttributeValue>SVeconomyEditors</AttributeValue>
<AttributeValue>SVadmin</AttributeValue>
</saml:Attribute>

It is important to specify the EXACT name of the group attribute value.
E-mail address (single user)
You can use an e-mail address to create a Virtual group for a single user.
Enter an e-mail address in the Id field.

E-mail address (all)
You can use the domain in an e-mail address to create a virtual group based on all users with a specific e-mail address.
Type the address after @ (domain) as the Id so that all users with that address are associated with the Virtual group.

The page published:
help.sitevision.se always refers to the latest version of Sitevision