gsso

The Group SSO (gsso) module allows you to manage group permissions based on a selected user attribute coming from external Identity Manager using protocols like SAML, OpenIDC and others.

Currently only working with the SAML protocol.

Features

• Associate user membership to Groups, Group Roles and Roles according to a user attribute from 3rd Party Identity Manager's

About versions
Version 1 of the module should be used with version 1 of the group module
Version 2 (currently there's a dev release) will target version 2 of the group module

Requirements:
- Group

Configuration

First you need to configure groups how you normally do: create group type, configure group content, group roles, etc.

The configuration page can be found in/admin/group/gsso:

1. Select SAML as SSO type (other types under development)
2. Choose if you want to update user claims information when it changes (has performance advantages)
3. Enter the SSO Attribute machine name
4. Choose which separator in SSO Attribute
5. Select which user roles should be configured
6. Fill the matrix with the strings that match the SSO attribute that gives access to group X (rows) and role Y (columns)