Workplace SSO Role Mapping
Difficulty: expert
Learning Objectives
After reading this article, you’ll be able to:
define mapping between IDP groups and Workplace roles
As an additional feature of Workplace SSO (see How to set up Workplace SSO), users can be assigned a specific role, depending on the roles configured on the IDP side.
In Workplace, the roles assigned to a user in the customer's IDP can be mapped to Workplace Experience roles as defined in Roles and Profiles. It's possible to map:
Standard roles like Admin or Default roles
Environment Specific Roles, for example roles with a reservation scope definition
How does Role Mapping work?
If a user logs in using SSO and has no Workplace account yet:
The user will be automatically created (if enabled in Automatic creation, update & deletion of Workplace users | Automatic creation of Workplace users)
Based upon the IDP Account Group ID passed via metadata, the user will be created and assigned a Workplace role as defined in the role mapping
If a user logs in using SSO and already has a Workplace account:
Based upon the IDP Account Group ID passed via metadata, the user will be assigned a Workplace role as defined in the role mapping
When this feature is in use, it will overwrite any manual role attributions.
“Remote attribute as group” is part of the per-user IDP data; it allows Workplace to identify which attribute defines the group membership.
“Group restriction” is a filter that prevents users in IDP groups from logging in to Cobundu unless their group is listed. All valid entries are included in this comma-separated list. If there is no match to any of the listed groups, login to Cobundu touch points will be restricted.
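The login flow described above can be modelled to review a mapping before it goes live. This is an added example, not Spacewell's code: the attribute name `groups`, the group IDs, the `resolve_login` helper, and the handling of an empty restriction list, multiple groups and unmapped groups are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class SsoConfig:
    group_attribute: str        # "Remote attribute as group"
    group_restriction: str      # "Group restriction", comma-separated
    role_mapping: dict          # IDP group ID -> Workplace role
    auto_create: bool = True    # automatic creation of Workplace users

@dataclass
class LoginResult:
    allowed: bool
    role: Optional[str]
    created: bool
    reason: str

def resolve_login(cfg, attributes, accounts, username):
    """Apply group restriction, then role mapping; `accounts` maps user -> role."""
    groups = attributes.get(cfg.group_attribute) or []
    if isinstance(groups, str):             # single-valued attribute
        groups = [groups]
    allowed = {g.strip() for g in cfg.group_restriction.split(",") if g.strip()}
    # Assumption: an empty restriction list means no filter is applied.
    if allowed and not allowed & set(groups):
        return LoginResult(False, None, False, "no group matches the restriction list")
    exists = username in accounts
    if not exists and not cfg.auto_create:
        return LoginResult(False, None, False, "no account, automatic creation disabled")
    # Assumption: the first mapping entry (in configured order) that matches wins.
    mapped = next((r for gid, r in cfg.role_mapping.items() if gid in groups), None)
    if mapped is not None:
        accounts[username] = mapped         # overwrites a manually assigned role
    else:
        accounts.setdefault(username, None) # assumption: created without a role
    return LoginResult(True, accounts[username], not exists, "ok")

# Constructed sample configuration and accounts (not real values).
CFG = SsoConfig("groups", "grp-facility, grp-staff",
                {"grp-facility": "Admin", "grp-staff": "Default"})

if __name__ == "__main__":
    accounts = {"bob": "Admin"}             # bob was made Admin by hand
    for user, grp in [("bob", "grp-staff"), ("alice", "grp-facility"), ("carol", "grp-other")]:
        print(user, resolve_login(CFG, {"groups": [grp]}, accounts, user))
```

In the sample run, bob's hand-assigned Admin role is replaced by Default on his next SSO login, and carol is refused because none of her groups is in the restriction list.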
To start using this feature, contact your Spacewell Account Manager.