IDP grouping will be helpful and convenient for administrator to map certain access apps or other configuration based on the group that already created in your external IDP. Please refer to following articles for more information about external IDP configuration:
- OpenID Identity Provider Configuration
- LDAP Identity Provider Configuration
- SAML Identity Providers Configuration
- AD (Active Directory) Identity Provider Configuration
- Azure AD SAML Configuration
In order to do that, you need to have admin user to modify tenant config, please check below KB about Admin access:
- login to https://portal.safous.com
- Go to Settings tab> ZTNA
- In Accounts, choose Groups(IdP)
- Click "New Group" button
- It will expand and there are forms need to be fulfilled.
- When filling the form, please follow these rules:
- Group name is the required filed, which is a unique value with other groups
- Status is optional toggle option, by default it will be enable (green)
- Identity Provider selection option is required to choose, the list will be based on the IDP that you configured in here
- Attribute details are required, here are the example value for "Expected Value" and "Attribute"
- Directory Service (AD/LDAP)
- Expected Value (CN=group-demo2,CN=Users,DC=test-nn,DC=lab)
- Attribute (memberOf)
- SAML & OpenID
- Expected value should be UUID (9d4ba2cf-7649-408c-b8a4-702b2ef44731)
- Attribute is depends on the IDP, for Azure AD (group)
- Directory Service (AD/LDAP)
- When every form/field has been filled, click "Save" button, then pop-up notification for the group has been successfully added will be shown
