Mapping Roles Using SAML Attributes
You can create a SAML role mapping to automatically assign roles to users based on their SAML attributes.
- SAML needs to be enabled in SAP Analytics Cloud.
- Your custom SAML Identity Provider (IdP) must be configured and you should be able to login to your tenant without problems.
- Step 6 in Enabling a Custom SAML Identity Provider must be completed.
- On the Roles page of the Security area, select the check box for an existing role.
Select (Open SAML Role
The Create SAML Mapping dialog appears.
- Under Conditions, select a SAML Attribute, select a Condition, and enter a Value if required.
(Optional) Select (New mapping
definition) to add additional mappings to the role
- For each additional mapping, under Conditions, select a SAML Attribute, select a Condition, and enter a Value if required.
Under Conditions Logic, select
AND or OR.
If AND is selected, the conditions for all attributes must be met for the mapping to be applied. If OR is selected, the conditions for only one of the attributes must be met for the mapping to be applied.
The selected role will be applied to all users who meet the specified conditions when logging onto SAP Analytics Cloud via SAML authentication. If the selected role was previously assigned to a user, but the user does not meet the specified conditions, the role will be revoked when the user logs in.