Add Organization Roles and Permissions to the SAML Response

Overview

This article addresses the following question:

Is there a way to add organization roles and permissions to the SAML response?

Applies To

  • Roles
  • Permissions
  • SAML response

Solution

This can be achieved for roles with a post-login action that passes event.authorization.roles to api.samlResponse.setAttribute.

Here’s an example:

exports.onExecutePostLogin = async (event, api) => {
  // Copy the roles from the login event into a "roles" attribute of the SAML response.
  api.samlResponse.setAttribute('roles', event.authorization.roles);
};

There is no ideal way to add permissions. It is possible to retrieve the permissions for a given role using the GET permissions granted by role endpoint, but this is costly to do in an action, especially when there are multiple roles, as a separate call will need to be made for each.