Solved

Does SSO setting ‘Preserve manually granted Custom Roles’

  • 10 June 2023
  • 2 replies
  • 62 views

Hi everyone - quick question on the SSO setting ‘Preserve manually granted Custom Roles’ on the Insided platform. My understanding is that this is a ‘merge’ setting and does not have a ‘persistent’ impact on role mapping.

Question1: Example: This setting is enabled and say a community manager assigns role ‘XYZ’ manually to a user and the same user is assigned ‘ABC,123’ roles through SSO; they end up with a merge of the 3 roles, i.e. XYZ,ABC,123?

Question2: Further, say we remove the role ‘ABC’ from our Identity Provider (SSO backend) and the same user logs in next time; they should only get manually assigned ‘XYZ’ + SSO-provided role ‘123’. Correct? Or will the platform persist the previously SSO assigned role ‘ABC’ for this user?

Question3: With this setting disabled: all manually assigned roles are overwritten and only SSO-assigned roles will be assigned to the user after a successful SSO login.

 

Have a good weekend!  


Best answer by olimarrio 12 June 2023, 10:58




Hey @ruc 👋,

Great questions!

  1. Correct, the user will have the 3 roles assigned (the role manually added via control + the roles from the SSO payload).
  2. The platform will persist with the previously assigned SSO role. With the setting enabled, it is currently not possible to unassign a role via SSO. The previously added roles will always be preserved. You can read more about this in the following post
  3. Correct, with the setting disabled, the roles being sent via the SSO payload will overwrite the manually added roles. Only the roles sent from the Identity Provider upon login / registration will be assigned to the user.

Let us know if you have any more questions 😁
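
The behaviour described in this answer, modelled as an added example (not the platform's code or API; the function names and the separately kept record of manual grants are assumptions). It replays the thread's scenario and shows that, with the setting enabled, a role removed at the Identity Provider stays on the user and only surfaces when the held roles are compared against the IdP's current roles.

```python
# Added illustration: models the behaviour described in the answer above.
# All names are hypothetical; this is not the platform's API.

def apply_sso_login(current_roles, sso_roles, preserve_manual):
    """Return the user's custom roles after an SSO login."""
    if preserve_manual:
        # Setting enabled: payload roles are merged in, nothing is removed.
        return set(current_roles) | set(sso_roles)
    # Setting disabled: the payload overwrites everything held before.
    return set(sso_roles)


def stale_roles(platform_roles, manual_grants, idp_roles):
    """Roles still held that neither a recorded manual grant nor the IdP justifies."""
    return set(platform_roles) - set(manual_grants) - set(idp_roles)


def replay_thread_scenario(preserve_manual):
    """Replay the question's example: manual XYZ, SSO ABC+123, then ABC dropped."""
    manual = {"XYZ"}  # granted by a community manager (assumed to be recorded)
    roles = set(manual)
    roles = apply_sso_login(roles, {"ABC", "123"}, preserve_manual)  # first login
    roles = apply_sso_login(roles, {"123"}, preserve_manual)  # ABC removed at IdP
    return roles, stale_roles(roles, manual, {"123"})


if __name__ == "__main__":
    for setting in (True, False):
        roles, stale = replay_thread_scenario(setting)
        print(f"preserve={setting}: roles={sorted(roles)} "
              f"needs_review={sorted(stale)}")
```

With the setting enabled the review set contains the role the IdP no longer sends; with it disabled the manual grant is gone after the first login and nothing is left over.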

Thanks @olimarrio especially for clarification on #2 as it's a bit counterintuitive, I would have thought the Authorization step will update (add and remove) custom roles based on current values returned during the SSO transaction plus apply any manually assigned custom roles.
