Map SAML groups to
CSM
Security Groups to ensure that new and updated user accounts are added to the
correct
CSM
Security Group when users log in using SAML.
You need the list of groups you added in the AD FS Management tool.
See
Configure Groups in ADFS.
Keep in mind that users can belong to multiple SAML groups but only
one
CSM
Security Group. You can associate multiple SAML groups to a single
CSM
Security Group, but you cannot assign a single SAML group to multiple
CSM
Security Groups.
For example, a user may belong to two SAML groups:
- Domain Admins
- Network Admins
In this case, you must choose one
CSM
Security Group for the user, such as the Admin group.
- In
CSM Administrator, open the
Security Group Manager ().
- From the
Group drop-down list, select the
CSM
Security Group you want to map to a SAML group.
- Select the
Users page.
- In the SAML Groups area, select
Add.
- Type the name of the SAML group to associate with the selected
CSM
Security Group.
- Select
OK.
If you have already mapped the SAML group to a different
CSM
Security Group, you are given the option to change the assignment to the group
you are currently modifying.
- Repeat this step for each SAML group that should be mapped to the
CSM
Security Group.
- Select
Order Groups.
- Order the list to determine the assignment priority for users who
belong to multiple SAML groups. When these users log in using SAML, the first
SAML group found determines which
CSM
group the users are assigned to.
- Select
OK.