Associating SSO groups with Brightspot roles
In most scenarios, single sign-on servers associate users with groups. Similarly, most publishers associate Brightspot editors with roles. As a best practice, you should associate the SSO groups with the corresponding Brightspot roles. This practice ensures that when an editor successfully logs in through single sign-on, Brightspot associates the editor with the correct role.
Caution
If a group on the SSO server is not associated with a Brightspot role, all users associated with that group are denied login to Brightspot (even if they pass authentication on the SSO server). Ensure all groups on the SSO server are appropriately associated with Brightspot roles.
Warning
If you do not configure any group-role associations, then any editor passing SSO authentication is granted login to Brightspot with no role, which may be the administrator role. Ensure you configure at least one group-role association.
To associate SSO groups with Brightspot roles:
1. Click > Admin > Sites & Settings.
2. Under Legacy Settings, click Saml.
3. Under Groups to Roles, do the following:
   a. Click .
   b. In the Group field, enter a group existing on the SSO server.
   c. In the Role field, select an existing Brightspot role.
   d. Repeat steps a–c to associate additional groups to roles.
4. Click Save.
Referring to the previous illustration, an editor who signs on through SSO and has the group ssoBrightspotEditors receives all the permissions in Brightspot associated with the role editor.
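The following audit is an added example, not Brightspot code: it checks a copy of the Groups to Roles setting against the SSO server's group list and reports the conditions described in the Caution and Warning above. The function name, severity labels, every group other than ssoBrightspotEditors, and the admin role are constructed; exact (case-sensitive) matching of group names is an assumption.

```python
# Added example: audit a Groups to Roles mapping against the SSO server's groups.
# Assumption: Brightspot compares group names exactly, so a case or spacing
# difference in the free-text Group field leaves the real group unmapped.

def audit_group_role_mapping(idp_groups, groups_to_roles):
    """Return (severity, group, message) findings; severities are hypothetical labels.

    idp_groups      -- set of group names defined on the SSO server
    groups_to_roles -- dict of group -> role copied from the Groups to Roles setting
    """
    if not groups_to_roles:
        # Warning case: no associations at all.
        return [("critical", None,
                 "no group-role associations: any editor passing SSO "
                 "authentication logs in with no role, which may be administrator")]

    findings = []
    mapped_norm = {g.strip().lower(): g for g in groups_to_roles}
    idp_norm = {g.strip().lower() for g in idp_groups}

    # Caution case: SSO groups without a role are denied login.
    for group in sorted(idp_groups):
        if group in groups_to_roles:
            continue
        near = mapped_norm.get(group.strip().lower())
        if near is not None:
            msg = (f"mapping entry {near!r} differs only in case or spacing; "
                   "users in this group are denied login")
        else:
            msg = "no associated role; users in this group are denied login"
        findings.append(("high", group, msg))

    # Step b asks for a group existing on the SSO server; report entries that do not.
    for group in sorted(groups_to_roles):
        if group not in idp_groups and group.strip().lower() not in idp_norm:
            findings.append(("low", group, "mapped group does not exist on the SSO server"))
    return findings


# Constructed sample data (only ssoBrightspotEditors -> editor comes from the page).
IDP_GROUPS = {"ssoBrightspotEditors", "ssoBrightspotAdmins", "ssoContractors"}
MAPPING = {
    "ssoBrightspotEditors": "editor",
    "SSOBrightspotAdmins ": "admin",   # typo: wrong case and trailing space
    "ssoFormerStaff": "editor",        # group no longer on the SSO server
}

if __name__ == "__main__":
    for severity, group, message in audit_group_role_mapping(IDP_GROUPS, MAPPING):
        print(f"[{severity}] {group}: {message}")
```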