Solved

Does SSO setting ‘Preserve manually granted Custom Roles’

1 year ago
June 9, 2023
2 replies
96 views

ruc
Contributor ⭐️⭐️⭐️

Hi everyone - quick question on the SSO setting ‘Preserve manually granted Custom Roles’ on the Insided platfrom. My understanding is that this is a ‘merge’ setting and does not have a ‘persistent’ impact to role mapping.

Question1: Example: This setting is enabled and say community manager assigns role ‘XYZ’ manually to a user and the same user is assigned ‘ABC,123’ roles through SSO they end up with a merge of the 3 roles i.e. XYZ,ABC,123?

Question2: Further say we remove the role ‘ABC’ from our Identity Provider (SSO backend) and the same user logs in next time they should only get manually assigned ‘XYZ’+ sso provided role ‘123’. Correct? Or will the platfrom persist the previously SSO assigned role ‘ABC’ for this user?

Question3: With this setting disabled: All manually assigned Role are overwritten and only SSO assigned roles will be assigned to user after a successful SSO login.

Have a good weekend!

Best answer by olimarrio

Hey @ruc 👋,

Great questions!

Correct, the user will have the 3 roles assigned (the role manually added via control + the roles from the SSO payload.
The platform will persist with the previously assigned SSO role. With the setting enabled, it is currently not possible to unassign a role via SSO. The previously added roles will always be preserved. You can read more about this in the following post.
Correct, with the setting disabled, the roles being sent via the SSO payload will overwrite the manually added roles. Only the roles sent from the Identity Provider upon login / registration will be assigned to the user.

Let us know if you have any more questions 😁

View original

Did you find this topic helpful?

olimarrio
Gainsight Employee ⭐️
1 year ago
June 12, 2023

Hey @ruc 👋,

Great questions!

Correct, the user will have the 3 roles assigned (the role manually added via control + the roles from the SSO payload.
The platform will persist with the previously assigned SSO role. With the setting enabled, it is currently not possible to unassign a role via SSO. The previously added roles will always be preserved. You can read more about this in the following post.
Correct, with the setting disabled, the roles being sent via the SSO payload will overwrite the manually added roles. Only the roles sent from the Identity Provider upon login / registration will be assigned to the user.

Let us know if you have any more questions 😁

ruc
Contributor ⭐️⭐️⭐️
1 year ago
June 12, 2023

Thanks @olimarrio especially for clarification on #2 as its a bit counter intuitive, I would have thought Authorization step will update (add and remove) custom roles based on current values returned during the SSO transaction plus apply any manually assigned custom roles.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Related Topics

Single Sign-on (SSO): Getting Started

Okta SSO setup guide

Azure AD SSO (via SAML) setup guide

How To Change The Text Of Links, Buttons, And Labels (Phrases)

SSO Best Practices

Didn't find what you were looking for?

Sign up

Welcome to the Gainsight Community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings