Group SSO
This module automatically assigns users to Drupal groups and roles based on information provided by an external identity manager, currently supporting the SAML protocol. It maps user attributes from the identity provider to predefined group and role memberships within your Drupal site.
The Group SSO (gsso) module allows you to manage group permissions based on a selected user attribute coming from external Identity Manager using protocols like SAML, OpenIDC and others.
Currently only working with the SAML protocol.
Features
- Associate user membership to Groups, Group Roles and Roles according to a user attribute from 3rd Party Identity Manager's
About versions
Version 1 of the module should be used with version 1 of the group module
Version 2 (currently there's a dev release) will target version 2 of the group module
Requirements:
- Group
Configuration
First you need to configure groups how you normally do: create group type, configure group content, group roles, etc.
The configuration page can be found in/admin/group/gsso:
- Select SAML as SSO type (other types under development)
- Choose if you want to update user claims information when it changes (has performance advantages)
- Enter the SSO Attribute machine name
- Choose which separator in SSO Attribute
- Select which user roles should be configured
- Fill the matrix with the strings that match the SSO attribute that gives access to group X (rows) and role Y (columns)