Map SAML groups to Orchestrator Roles

Testing out SAML with Orchestrator 19.10.15 using the default configuration requires you to create individual users with a matching email address. It would be nice if we could map an attribute e.g. “Role” to a collection of groups ( with the ability to map groups to an orchestrator role.

This would remove the need to manually create the user profiles locally (or adding a domain user with WindowsAuth) and leverage ADFS/SAML to grant the appropriate permissions when the user logs on.

Thank you for your suggestion. I added it to our internal ideas tracker for our team to consider.