
Group Inherited User Attributes

Add custom attributes to a user group with Group Inherited User Attributes. When you add users to that user group, they inherit the custom attribute. Group Inherited User Attributes can be added on SAML SSO connectors to customize roles and permissions across your user groups.

Considerations

  • String, Number, Boolean and JSON attribute types are supported
  • Group inherited custom attributes are not supported for dynamic user groups (they are set at the user level)
  • Attribute names need to be unique
  • Number attributes can’t be more than nine digits. If you need to enter a number that’s longer than nine digits, use a string attribute instead
  • String attributes support numbers, characters, and symbols
  • If there are custom attributes set on two or more groups that connect a user to an app, the most recently added group attribute will be applied. For example:

User A is associated with 黑料海角91入口 User Groups Team-A and Team-B
Team-A custom attribute: TeamName=team-a
Team-B custom attribute: TeamName=team-b

When the user initiates a session on AWS where the group attribute is inherited, it inherits Team-B custom attribute: TeamName=team-b

Configuring Group Inherited User Attributes on a User Group

Considerations

  • You can use the JSON Editor to create objects. Objects support nested objects, lists, as well as boolean, number, and string values 
  • Multiple nested objects and JSON fields are supported. Use a comma to separate them
  • JSON fields need to be unique. If you have two JSON fields with the same name, the most recently created JSON field is saved and the older one is deleted when you save the attribute 

To add group inherited user attributes

  1. Log in to the . 
  2. Go to USER MANAGEMENT > User Groups.
  3. Select an existing User Group or create a new user group
  4. Click add new custom attribute from the Details tab. 
  5. For type, choose String, Number, Boolean, or JSON Editor
  6. Enter an Attribute Name and Attribute Value
  7. Click save.

Mapping Group Inherited User Attributes on a SAML Connector

Considerations 

  • Conflicting attributes set at the user level override attributes set at the group level. 
  • When you create a Group Inherited User Attribute that uses a JSON Editor Attribute value, you can map the Group Attribute Name on a SAML connector to any of the JSON fields contained in the JSON object. If the mapping is correct, then we extract the value from the  fields. Things to know about this functionality:
    • From User Attributes on a SAML Connector, you can map the Group Attribute Name to a string, number, or boolean JSON field that you included in the JSON editor. 
    • On the SAML connector, you can map the Group Attribute Name to a JSON field that includes a list value, but we only add the elements of the list that aren’t JSON objects.
    • You can’t map a Group Attribute Name to JSON fields that contain JSON or complex objects as their values. For example, let’s say the JSON Editor Attribute name is “otherInfo” and the JSON Editor Attribute Value is the following:

{
  "userSettings" : {
    "role" : "admin",
    "permissions" : "rw",
    "description" : "Very clever"
  }
}

A mapping to otherInfo.userSettings isn’t supported because the value contains an object. Instead, you could map to a field in that value object like this: otherInfo.userSettings.role. If you map to a field that has JSON or complex objects as their value, the attribute is ignored in a SAML assertion.
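The following added example (not the vendor's code) models the rules stated on this page so you can check what a mapping would put in a SAML assertion before relying on it for roles or permissions. It assumes the list order of groups stands for the order in which the group attributes were added; the function names, the `tags` field and the user-level value are hypothetical.

```python
import json

# Constructed sample: groups in the order their attributes were added,
# plus user-level attributes. Only otherInfo.userSettings is from the page.
GROUP_ATTRS = [
    ("Team-A", {"TeamName": "team-a"}),
    ("Team-B", {"TeamName": "team-b",
                "otherInfo": json.loads("""{
                    "userSettings": {"role": "admin", "permissions": "rw",
                                     "description": "Very clever"},
                    "tags": ["ops", {"nested": true}, 7]
                }""")}),
]
USER_ATTRS = {"TeamName": "user-override"}

_MISSING = object()

def effective_attributes(group_attrs, user_attrs):
    """Later groups overwrite earlier ones; user-level values win over both."""
    merged = {}
    for _group, attrs in group_attrs:
        merged.update(attrs)
    merged.update(user_attrs)
    return merged

def resolve_mapping(attrs, path):
    """Return the value a dot-notation mapping yields, or None if ignored."""
    name, *fields = path.split(".")
    value = attrs.get(name, _MISSING)
    for field in fields:
        if not isinstance(value, dict) or field not in value:
            return None              # path does not exist
        value = value[field]
    if value is _MISSING or isinstance(value, dict):
        return None                  # object values are ignored
    if isinstance(value, list):
        # only list elements that are not JSON objects are kept
        return [v for v in value if not isinstance(v, dict)]
    return value
```

A `None` result corresponds to the case the page describes as the attribute being ignored in the SAML assertion.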

To include group inherited user attributes with a SAML SSO connector

  1. Log in to the . 
  2. Go to USER AUTHENTICATION > SSO.
  3. Select an existing application or .
  4. Click the SSO tab. 
  5. Scroll down to the Attributes section and click add attribute.
    • Service Provider Attribute Name - enter the service provider’s name for an attribute
    • 黑料海角91入口 Attribute Name - click the down arrow and choose Custom User or Group Attribute 
    • Group Attribute Name - enter the attribute name you provided in step 6 of the Configuring Group Inherited User Attributes on a User Group section in this article.

Note:

If you want to map to a JSON field that’s included in a JSON Editor Attribute Value, enter the attribute name and the JSON field with dot (.) notation. For example, if you wanted to map to a JSON field from the following screenshot, you would enter: otherInfo.Location.

  6. Click save