Solved

How to assign user roles from SSO identity provider?

  • 20 April 2022
  • 5 replies
  • 159 views

Userlevel 1

Hi,

I set up my business account with single sign-on. My question is how to assign user roles from my SSO?

Also, can the new user provisioning happen upon first login from SSO, or do I have to manually create a user account and send an invitation before they can log in with their single sign-on credentials?

Thanks


Best answer by alex 22 April 2022, 20:52



Userlevel 2

Hi Wisam,

This is something we’re currently working on! You can expect it to be released in the next few weeks! Stay tuned!

Userlevel 1

Hello Alex,

Thank you for your reply!

Could you please clarify which feature is going to be implemented soon? Are you referring to the “user provisioning” or user “role” mapping?

Thanks again

-Wisam

Userlevel 2

Both! We’ll be releasing support for user provisioning via the SCIM standard, and as a part of that you’ll be able to control the user’s role from OneLogin or Okta.

Userlevel 1

Well, that's disappointing, because you're excluding the most popular SSO IdP.

I have over 30 SAML Service Providers that authenticate against my ADFS IdP. Unfortunately, your SAML SP is the only one that forces me to manually create the user account before they can use single sign-on to log in, which kind of defeats the purpose of single sign-on.

Which brings me to the second limitation in your SSO implementation: even after I create a user manually, I have no control over their "Role" from my IdP.

I should simply be able to send you basic information such as NameID, which could be the same as the email address, and my Role, which could be mapped to a group membership or any other custom attribute name.

I really hope this will be implemented soon.

Regards

-Wisam
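
The mapping requested in the post above (NameID as the email address, role derived from group membership, account created on first login), sketched as an added example; it is not the vendor's code and not part of the original thread. The group names, role names, the `groups` attribute key and the `example.com` domain are assumptions, and the assertion is assumed to have already been verified by the SAML library.

```python
# Added example: just-in-time provisioning and role mapping from SAML attributes.
# All names here (GROUP_TO_ROLE, ALLOWED_DOMAINS, "groups") are hypothetical.
from dataclasses import dataclass

# Explicit allow-list: only these IdP groups grant a role; list order = precedence.
GROUP_TO_ROLE = [
    ("app-admins", "admin"),
    ("app-editors", "editor"),
    ("app-users", "viewer"),
]
ALLOWED_DOMAINS = {"example.com"}  # constructed tenant domain


@dataclass
class User:
    email: str
    role: str


class ProvisioningError(Exception):
    pass


def role_from_groups(groups):
    """Return the highest-precedence mapped role, or None if no group matches."""
    present = {g.strip().lower() for g in groups}
    for group, role in GROUP_TO_ROLE:
        if group in present:
            return role
    return None


def provision(name_id, attributes, directory):
    """Create or update a user from an assertion that was ALREADY verified
    (signature, issuer, audience, validity window) by the SAML library."""
    email = name_id.strip().lower()
    local, _, domain = email.rpartition("@")
    if not local or domain not in ALLOWED_DOMAINS:
        raise ProvisioningError("NameID outside the tenant's domains")
    role = role_from_groups(attributes.get("groups", []))
    if role is None:
        # Deny by default: an unmapped user gets no account, not a fallback role.
        raise ProvisioningError("no mapped group in assertion")
    user = directory.get(email)
    if user is None:
        user = directory[email] = User(email, role)  # first login: create
    else:
        user.role = role  # later logins: re-sync role from the IdP
    return user
```

The role is never read from the assertion as a free-form string; it is looked up from group names the service provider has chosen to trust, so an unexpected attribute value cannot grant access.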

Userlevel 2

Unfortunately, we’re only currently planning to support role mapping and user provisioning via the SCIM standard, which ADFS does not support. However, I’ll take note of your request and we’ll see what we can do.
