Add ability to read SAML Groups

Posted: Thu Jul 21, 2022 2:28 pm
by frogonabike
We currently have our Access Server set up to place each of our various teams into separate groups based on groups that were previously provided via LDAP with the "post-auth" script.
This functionality appears to be missing when using SAML auth.
Appreciate this method only got introduced with 2.11 but thought it would be worth mentioning ASAP as this is one feature currently holding us back from rolling out to the broader company.

From our initial testing with the IT Team members, it's possible to get the SAML auth to reference their existing user profiles by changing the NameID sent, but if we did get any new people to join we'd need to manually create their profiles and amend some other settings first before they connect which is something we'd prefer to avoid.

Overall tho the SAML method has been a big hit! So much nicer NOT to need to enter a password and TOTP code each time and we've also found the VPN reconnects each morning effortlessly once we authenticate to our SSO service :)

Re: Add ability to read SAML Groups

Posted: Thu Jul 21, 2022 4:52 pm
by TinCanTech
Wishlist is currently for community version.

* Moved *

Re: Add ability to read SAML Groups

Posted: Fri Jul 22, 2022 2:49 pm
by openvpn_inc
Hi,

This is part of the roadmap and will be available and supported in future releases.

Regards,
.\kionci