Mapping Roles Using SAML Attributes
You can create a SAML role mapping to automatically assign roles to users based on
their SAML attributes.
Prerequisites
- SAML needs to be enabled in SAP Analytics Cloud.
- Your custom SAML Identity Provider (IdP) must be configured and you should be able to login
to your tenant without problems.
- Step 6 in Enabling a Custom SAML Identity Provider must be
completed.
Procedure
-
On the Roles page of the Security area, select the check
box for an existing role.
-
Select (Open SAML Role
Mapping).
The Create SAML Mapping dialog appears.
-
Under Conditions, select a SAML
Attribute, select a Condition, and enter
a Value if required.
-
(Optional) Select (New mapping
definition) to add additional mappings to the role
assignment.
-
For each additional mapping, under Conditions,
select a SAML Attribute, select a
Condition, and enter a
Value if required.
-
Under Conditions Logic, select
AND or OR.
If AND is selected, the conditions for all
attributes must be met for the mapping to be applied. If
OR is selected, the conditions for only one
of the attributes must be met for the mapping to be applied.
Results
The selected role will be applied to all users who meet the
specified conditions when logging onto
SAP Analytics Cloud via SAML
authentication. If the selected role was previously assigned to a user, but the user
does not meet the specified conditions, the role will be revoked when the user logs
in.