Mapping external roles


Configuring an external SSO connection alone does not deliver a consistent user experience across the enterprise. Users need their roles retained in both SSO systems. To maintain role integrity, map their external roles in Access Manager. Role mapping becomes an available option after you add an external SSO configuration.

To map an external role

  1. From the Access Manager Configure SSO tab, select the name of the external SSO configuration.
  2. Select the Role Mapping tab, and then click Add.
  3. Enter an external role, and then select an equivalent Access Manager role. 

    Note

    You can enter up to five roles at a time.

  4. When you finish entering external roles and mapping their corresponding Access Manager roles, click Save.

    For example, to add an external role of "Comptroller" with full access to the application, enter the role name, Comptroller, and then select ADMIN, as shown in the following figure.

    External role mapping example

To edit external role mappings

  1. From the Configure SSO tab, select the name of the external SSO configuration that contains the role mappings that you want to modify.
  2. Select the Role Mapping tab, and then click Edit.
  3. Complete the changes to the external roles:
    • To change an external role name, highlight the current role name, and then type the new role name in its place.
    • To add or remove role mappings, select or clear the appropriate check boxes.
  4. Click Save.

To delete external role mappings

  1. From the Configure SSO tab, select the name of the external SSO configuration that contains the role mappings you want to delete.
  2. Click the Role Mapping tab.
  3. Select the external role that you want to remove, and then click Delete.
  4. Click Save.

Tip

To select all external role mappings, select the check box at the column heading of the external role mappings table.

Related topics

Configuring an external SSO connection
Working with roles

 
