Map SAML Security Groups to CSM Security Groups
Map SAML groups to CSM Security Groups to ensure that new and updated user accounts are added to the correct CSM Security Group when users log in using SAML.
You need the list of groups you added in the AD FS Management tool. See Configure Groups in ADFS.
Keep in mind that users can belong to multiple SAML groups but only one CSM Security Group. You can associate multiple SAML groups to a single CSM Security Group, but you cannot assign a single SAML group to multiple CSM Security Groups.
For example, a user may belong to two SAML groups:
- Domain Admins
- Network Admins
In this case, you must choose one CSM Security Group for the user, such as the Admin group.
- In CSM Administrator, open the Security Group Manager (Security > Edit security groups).
- From the Group drop-down list, select the CSM Security Group you want to map to a SAML group.
- Select the Users page.
- In the SAML Groups area, select Add.
- Type the name of the SAML group to associate with the selected CSM Security Group.
- Select OK.
If you have already mapped the SAML group to a different CSM Security Group, you are given the option to change the assignment to the group you are currently modifying.
- Repeat this step for each SAML group that should be mapped to the CSM Security Group.
- Select Order Groups.
- Order the list to determine the assignment priority for users who belong to multiple SAML groups. When these users log in using SAML, the first SAML group found determines which CSM group the users are assigned to.
- Select OK.