Newb - Rule If/Then Question

auth.hero · October 8, 2019, 8:42pm

I got SAML2 working to AWS IAM with Auth0 as my IDP, with a single role. Now, I am trying to implement rules to assign different AWS roles based on user app metadata. I have it working but I am wondering if this is the most efficient route. Thoughts?

function (user, context, callback) {
	console.log('[before] user.app_metadata: ' + user.app_metadata.aws_role);
  
  user.app_metadata = user.app_metadata || {};

  if (user.app_metadata.aws_role === "AWS-FullAdmin") {
    user.awsRole = 'arn:aws:iam:::role/Auth0-FullAdmin,arn:aws:iam::111:saml-provider/Auth0_SAML_Provider';
  }
if (user.app_metadata.aws_role === "AWS-ReadOnlyAccounts") {
    user.awsRole = 'arn:aws:iam::111:role/Auth0-ReadOnlyAccounts,arn:aws:iam::111:saml-provider/Auth0_SAML_Provider';
  	console.log('awsrole1 is : ' + user.awsRole);
  }
  
  user.awsRoleSession = user.name;
  context.samlConfiguration.mappings = {
    'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
    'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession'
  };

  callback(null, user, context);

}

I’m just trying something simple, which is: if user has app metadata aws_role value of AWS-FullAdmin, then pass the Admin specific AWS attribute. If aws_role is ReadOnly, pass the read only attribute.

thomas.osborn · November 3, 2019, 5:23am

Hello auth.hero, and great name!

That seems efficient to me. Was there any part you were particular concerned might be inefficient? In general, the only efficiency concerns in rules are that you avoid calling the management API too much (which you are not doing), making them too large (but your rule is very small), or making sure they end as early as possible / run quickly (which this should do).

konrad.sopala · January 8, 2024, 8:55am

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

Topic		Replies	Views
Writing a rule to map a role to a user - for connecting to a cloud environment Help saml2	2	2942	February 27, 2021
How do I convert this rule to action? Help configuration , application	2	955	September 10, 2023
AWS SSO with action and not rules Help login-experience , login-prompt-new-experience	2	7	October 8, 2024
Auth0 assume AWS IAM role to launch AppStream 2.0 Help aws	0	2551	January 21, 2022
Nextcloud SAML Username Mapping Rule Help	3	3051	January 22, 2024

Newb - Rule If/Then Question

Related Topics