Can we map existing user groups from a SAML provider to Ezeelogin as Ezeelogin user groups?
Mapping Existing User Groups from a SAML Provider to Ezeelogin User Groups
Overview: This article explains how to map existing user groups from a SAML provider to Ezeelogin user groups by creating corresponding user groups in the Ezeelogin web interface. Once configured, users will be automatically assigned to the relevant groups within the Jumpserver.
Q. We have multiple groups in the SAML provider (Azure SSO/Okta SSO/OneLogin SSO/AWS SSO, etc.) for different users who have different authorization groups. If we map these user groups via SAML, will these users get access to the authorized servers?
A. Yes, it is possible to map user groups from your SAML provider to Ezeelogin user groups. By creating user groups in the Ezeelogin web interface that correspond to the names of the groups in your SAML/SSO provider, users will be automatically assigned to the relevant groups within the Jumpserver.
1. Step-by-Step Guide to Mapping User Groups
Step 1(A): Create user groups in the web GUI.
Create user groups with the same names as in the SAML provider in the web GUI under Users -> User Groups. SAML users are then automatically assigned to the user group of the same name within Ezeelogin.
Step 1(B): Add the group attribute name in the SAML settings.
2. Manage user group priorities.
If a user in the SAML provider belongs to multiple user groups, set a priority on the user groups in the web GUI so that the user is assigned to the user group with the highest priority.
Step 2(A): Edit the user group, or set the priority while adding the user group.
Step 2(B): Set a greater value for a higher priority. If a user exists in multiple user groups, the user will be imported into the user group having the higher priority.
For example: Consider a user named Marc who is a member of both devopsteam and systemteam. If systemteam is assigned a priority of 5 and devopsteam a priority of 3, Marc will be imported into the systemteam user group because it holds the higher priority.
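The priority rule from the Marc example, as an added Python sketch (not Ezeelogin's own code) for previewing which user group a SAML user would be imported into. The attribute name groups, the sample assertion and the LOCAL_GROUPS table are constructed assumptions; exact-name matching is assumed, and a tie or a missing match is reported rather than resolved because the article does not define those cases.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement of a decoded SAML assertion for Marc.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>devopsteam</saml:AttributeValue>
      <saml:AttributeValue>systemteam</saml:AttributeValue>
      <saml:AttributeValue>contractors</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed stand-in for the user groups created in the web GUI: name -> priority.
LOCAL_GROUPS = {"systemteam": 5, "devopsteam": 3}


def saml_groups(assertion_xml, attr_name="groups"):
    """Return the values of the group attribute carried in the assertion."""
    root = ET.fromstring(assertion_xml)
    xpath = f".//saml:Attribute[@Name='{attr_name}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.findall(xpath, NS)]


def resolve_group(idp_groups, local_groups):
    """Pick the matching local group with the greatest priority value.

    Returns (group, unmatched, tied). group is None when nothing matches or
    when the top priority is shared, since the article defines neither case.
    """
    # Assumption: names must match exactly (case-sensitive comparison).
    matched = {g: local_groups[g] for g in idp_groups if g in local_groups}
    unmatched = [g for g in idp_groups if g not in local_groups]
    if not matched:
        return None, unmatched, []
    top = max(matched.values())
    winners = sorted(g for g, p in matched.items() if p == top)
    if len(winners) > 1:
        return None, unmatched, winners
    return winners[0], unmatched, []


if __name__ == "__main__":
    group, unmatched, tied = resolve_group(saml_groups(SAMPLE_ASSERTION), LOCAL_GROUPS)
    print("assigned:", group, "| no local group:", unmatched, "| tied:", tied)
```

Provider groups listed under "no local group" have no same-named user group to map to, and a non-empty "tied" list means two matching groups share the top priority value and should be given distinct priorities.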
By following these steps, organizations can effectively map user groups from their SAML providers to Ezeelogin user groups. This integration not only simplifies user management but also enhances security by ensuring that users have access only to the authorized servers based on their group membership.
Related Articles:
Map Okta attributes to Ezeelogin.