Add group/role in HelloID SAML IDP | Voters

Add group/role in HelloID SAML IDP

Bernard Moeskops

I would like to be able to map a role (or group if role is not possible) to users who are created in HelloID, by a SAML IDP (JIT). Currently the SAML IDP mapping does not support mapping roles.

December 2, 2020

Twan Duvigneau

To add to this:
We would like this option to create an Identity provider for our support engineers so we dont need to create an unnecessary amount of Accounts with administrator access, for example for our 24x7 engineers. 
By adding support to configure a role in the OIDC mapping we can use to create/sign in users with Administrator access by default, this would eliminate the need of special syncs or service automation flows in customer portals etc (which is a bigger problem for customers that don't already have service automation licenses). The current problem is that role claims are ignored in the mapping and there is no support for array datatypes (see screenshots.)
Another way to achieve the same wish would be to make the default group setting conditional (by Identity Provider for example). This way we can create a condition that would add a group with Administrator access only for the people that need privileged access.
With one of the options above we'll be able to effectively manage privileged access for our support engineers, while maintaining the principle of using only named accounts.

Niek de Melker

Love this, would be very useful for an administrator IDP