Map Roles Using SAML Attributes

You can create a SAML role mapping to automatically assign roles to users based on their SAML attributes.

Prerequisites

  • SAML needs to be enabled in SAP Analytics Cloud.
  • Your custom SAML Identity Provider (IdP) must be configured, and you should be able to log in to your tenant without problems.
  • Step 6 in Enable a Custom SAML Identity Provider must be completed.

Procedure

  1. From the side navigation, go to Start of the navigation path Security Next navigation step  RolesEnd of the navigation path, and select a role to open it.
  2. Select (Open SAML Role Mapping).

    The Create SAML Mapping dialog appears.

  3. Under Conditions, select a SAML Attribute, select a Condition, and enter a Value if required.
  4. (Optional) Select (New mapping definition) to add additional mappings to the role assignment.
    1. For each additional mapping, under Conditions, select a SAML Attribute, select a Condition, and enter a Value if required.
    2. Under Conditions Logic, select AND or OR.
      If AND is selected, the conditions for all attributes must be met for the mapping to be applied. If OR is selected, the conditions for only one of the attributes must be met for the mapping to be applied.

Results

The selected role will be applied to all users who meet the specified conditions when logging onto SAP Analytics Cloud via SAML authentication. If the selected role was previously assigned to a user, but the user does not meet the specified conditions, the role will be revoked when the user logs in.