Group is not getting updated/added for SAML users as per the provisioning rules

News Knowledge Base
1

Group is not getting updated/added for SAML users as per the provisioning rules

Issue Description: SAML users are unable to see the new group on the "Admin portal -> Accounts & Groups page" based on the provisioning rule even after the successful login using SSO.

Explanation:

  • SAML users are directory accounts and are not visible on Admin > Accounts & Groups > Users tab
  • Only the local user accounts are shown and managed under Admin > Accounts & Groups > Users tab
  • If a SAML user is added locally via the Admin > Accounts & Groups > Users tab and a provisioning rule is established to place them into a particular group, the assigned role will not reflect in the Admin portal UI post a successful login.

np0.png

Np1.png

  • The above behavior is because Admin > Accounts & Groups > Users tab is for managing local users. It doesn't show the directory/SAML users. However, the role does get assigned to the SAML user as per the provisioning rule and the same can be confirmed from Orchestrator -> Tenant -> Manage Access -> Check Roles. (e.g., Administrator role has been allocated to D******u .P***a user based on the provisioning rule).

Np.png

  • This behavior is as per the product design.