IdP grouping lets an administrator map access apps or other configuration to groups that already exist in your external IdP. This guide explains how to create an IdP Group on the Safous Admin portal.
Prerequisites
- You need an admin user to modify the tenant configuration. Please refer to the article below about Admin access:
- You need an existing external IdP configured on the Safous Admin portal. Please refer to the following articles for more information about external IdP configuration:
Creating IdP Group in Admin Portal
- Log in to the Safous Admin portal.
- Navigate to Settings > ZTNA > Accounts > Groups(IdP)
- Click the "New Group" button. This expands a form with several fields that need to be filled in.
- When filling in the form, refer to the description of each field below:
  - Group name is a required field and must be unique among groups.
  - Status shows whether the IdP group is enabled (green) or disabled (grey). By default, it is enabled (green).
  - Identity Provider selection is required. The list is based on the IdPs that you have configured before.
  - Attribute details are required and consist of the Expected Value and Attribute fields. Below are some example values for the Expected Value and Attribute fields.
    - Directory Service (AD/LDAP)
      - Expected Value (CN=group-demo,CN=Users,DC=test,DC=lab)
      - Attribute (memberOf)
    - SAML & OpenID
      - Expected Value should be a UUID (9d4ba2cf-7649-408c-b8a4-702b2ef44731)
      - The value for Attribute depends on the IdP. For Azure AD: (group)
- Once the configuration has been done, click the "Save" button. A pop-up notification will then appear to confirm that the group has been successfully added.
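A pre-flight check for the field values described above, added here as an example; it is not Safous tooling, and the record layout, the `idp_type` labels and the function names are assumptions. It flags duplicate group names, empty attributes, a SAML/OpenID Expected Value that is not a UUID, and an AD/LDAP Expected Value that is not in the distinguished-name form shown in the example (treating that form as required is an assumption).

```python
import re
import uuid

# Constructed sample records (not real tenant data); the dict layout is an assumption.
PLANNED = [
    {"name": "demo-ldap", "idp_type": "ldap", "attribute": "memberOf",
     "expected": "CN=group-demo,CN=Users,DC=test,DC=lab"},
    {"name": "demo-azure", "idp_type": "saml", "attribute": "group",
     "expected": "9d4ba2cf-7649-408c-b8a4-702b2ef44731"},
    {"name": "demo-azure", "idp_type": "oidc", "attribute": "group",
     "expected": "Finance Team"},      # display name pasted instead of the UUID
    {"name": "bad-dn", "idp_type": "ldap", "attribute": "memberOf",
     "expected": "group-demo"},        # bare group name instead of the full DN
]

_RDN_SPLIT = re.compile(r"(?<!\\),")   # commas inside a value are escaped as "\,"
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")  # e.g. CN=group-demo


def looks_like_dn(value):
    """Syntactic check only: every comma-separated part is type=value."""
    return all(_RDN.match(part) for part in _RDN_SPLIT.split(value))


def looks_like_uuid(value):
    """True only for the canonical hyphenated form shown in the guide."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_groups(groups):
    """Return (group name, problem) pairs; an empty list means nothing was flagged."""
    problems, seen = [], set()
    for g in groups:
        name = g["name"].strip()
        if not name:
            problems.append((name, "group name is required"))
        elif name in seen:
            problems.append((name, "duplicate group name"))
        seen.add(name)
        if not g["attribute"].strip():
            problems.append((name, "attribute is required"))
        if g["idp_type"] == "ldap" and not looks_like_dn(g["expected"]):
            problems.append((name, "expected value is not a distinguished name"))
        if g["idp_type"] in ("saml", "oidc") and not looks_like_uuid(g["expected"]):
            problems.append((name, "expected value is not a UUID"))
    return problems
```

Calling `check_groups(PLANNED)` on the constructed sample reports the reused group name, the display name entered where a UUID is expected, and the bare group name entered where a full DN is expected.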