Add Organization Roles and Permissions to the SAML Response

andreea.uriasu · July 16, 2024, 10:33am

Overview

This article addresses the following question:

Is there a way to add organization roles and permissions to the SAML response?

Applies To

Roles
Permissions
SAML response

Solution

This can be achieved for roles with a post-login action using api.samlResponse.setAttribute and event.authorization.roles.

Here’s an example:

exports.onExecutePostLogin = async (event, api) => { api.samlResponse.setAttribute(‘roles’, event.authorization.roles); };

There is no ideal way to add permissions. It is possible to retrieve the permissions for a given role using the GET permissions granted by role endpoint, but this is costly to do in an action, especially in the case of multiple roles as a separate call will need to be made for each.

Topic		Replies	Views
Adding roles to SAML response Help saml	2	3365	March 24, 2023
Post-login action and missing SAML attribute on initial enterprise login Help management-api , actions-management-api	3	1125	January 8, 2024
Read SAML Response Claims from IdPs inside Actions Help saml , sso , login , actions	8	2424	January 12, 2024
Ability to add permissions to users with an organization Feedback permissions , organization	0	283	February 22, 2024
Adding user roles to access token Help management-api , roles	4	9867	January 5, 2023

Add Organization Roles and Permissions to the SAML Response

Overview

Applies To

Solution

Related topics