SAML2 user manager
You can allow users who already have an account in an identity manager that uses SAML2 to connect to JMap Web and JMap NG applications using that account.
SAML is an open standard that establishes a single sign-on between an identity manager and an application server such as JMap. This site provides details on SAML2.
Configuring a SAML2 user manager is complex. Your organization’s IT department will provide the settings related to SAML2. The following table describes the settings related to JMap.
SAML2 user manager |
|
Friendly name | This name allows you to easily identify the SAML2 user manager in JMap Server and identify the users from this manager. |
Administrator password | An administrator is automatically created when this manager is used. You must enter the password of this account in this field. |
Groups | Unlike with Active Directory and LDAP, user accounts from the SAML2 manager are not known in advance because they are created as the users connect to a JMap Web or JMap NG application. That said, how can permissions be granted on JMap’s resources to users who are not known in advance? Groups that are defined in advance allow you to grant permissions related to JMap’s resources. When a user connects to a JMap application for the first time, SAML2 assigns the user to one or more of the groups defined in Groups attribute based on the information in that user’s profile. Since the SAML2 user manager is in read-only mode, you cannot create users or groups in JMap’s Users and Groups sections. This setting allows you to create groups by entering their names. Afterwards, you can grant permissions to these groups, which contain the users from SAML2. There must be an exact match between the names of the groups in SAML2 and the groups you create using this setting. If a user connects to an application for the first time via SAML2 and his/her profile indicates a group that doesn’t exist in JMap, the group will be created automatically and will be displayed in the Groups section. |
Default group | Select the group to which you will assign all users who are not assigned to a group in SAML2 (in Groups attribute). Example: you can create a group called Guests; all users who connect to a JMap Web or JMap NG application for the first time and whose profile in SAML2 doesn’t indicate a group will be assigned to this Guests group. You can grant access permissions to the Guests group for a specific project. |
Button image | This image appears in the homepage of the JMap Web or JMap NG application and identifies the access to the SAML2 manager to log in.
Press Choose to select the image.
The image must have a maximum size of 100 |
Button label | This text appears in the identification button with the image. |
SSO callback URL | Your IT department will provide this information. |
Client name | The name given by JMap to the SAML2 user manager. This name integrates and completes the URL of the SAML2 manager. |
IdP Metadata | Your IT department will provide this information. |
SP Entity ID | Your IT department will provide this information. |
Username / ID attribute | Optional setting. Indicates the attribute containing the user name in SAML2. Your IT department will provide this information. |
Email attribute | Optional setting. Indicates the attribute containing the email address in SAML2. Your IT department will provide this information. |
First name attribute | Optional setting. Indicates the attribute containing the user’s first name in SAML2. Your IT department will provide this information. |
Last name attribute | Optional setting. Indicates the attribute containing the user’s last name in SAML2. Your IT department will provide this information. |
Groups attribute | Optional setting. Indicates the customizable attribute that allows you to define groups in SAML2 to which the users are assigned. These groups are displayed in the Users and Groups sections in JMap. Your IT department will assist you with this setting. |
Dernière mise à jour