zlacker

[parent] [thread] 2 comments
1. dqh+(OP)[view] [source] 2024-07-31 10:02:38
Thank you for this, it’s sorely needed.

One thing I didn’t see mention of is group membership. Is this / will this be part of the core offering? Being able to map IDP group membership to permissions within your SaaS is powerful, and in my experience highly desired by clients.

replies(1): >>ucario+IN
2. ucario+IN[view] [source] 2024-07-31 16:47:08
>>dqh+(OP)
Yeah, we have this -- if you check out the docs for the endpoint where you accept a SAML login[1], there's an `attributes` (map<string, string>) that SSOReady returns to you. That contains the contents of the relevant SAML assertion's AttributeStatement.

So if you're familiar with Okta's parlance, both "Attribute Statements" and "Group Attribute Statements" are returned to you in `attributes`.

[1]: https://ssoready.com/docs/api-reference/saml/redeem-saml-acc...

replies(1): >>dqh+WH1
◧◩
3. dqh+WH1[view] [source] [discussion] 2024-07-31 22:45:03
>>ucario+IN
Magnificent, thank you!
[go to top]