Drupal is a registered trademark of Dries Buytaert
drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). editoria11y 2.2.22 Minor update available for module editoria11y (2.2.22). ai 1.2.13 Minor update available for module ai (1.2.13). ai 1.3.2 Minor update available for module ai (1.3.2). moderated_content_bulk_publish 2.0.51 Minor update available for module moderated_content_bulk_publish (2.0.51). moderated_content_bulk_publish 2.0.50 Minor update available for module moderated_content_bulk_publish (2.0.50). editoria11y 2.2.21 Minor update available for module editoria11y (2.2.21). eca 3.1.0 Minor update available for module eca (3.1.0). sophron 3.1.1 Minor update available for module sophron (3.1.1). ai 1.3.1 Minor update available for module ai (1.3.1). seven 2.0.0-beta6 New beta version released for theme seven (2.0.0-beta6). seven 1.0.1-beta1 First beta version released for theme seven (1.0.1-beta1). devel Module devel crossed 1,000 active installs. redirect Module redirect crossed 1,000 active installs. webform Module webform crossed 1,000 active installs. captcha Module captcha crossed 1,000 active installs.
← All modules

samlauth_restrict_to_ou

No security coverage
View on drupal.org

SAML Authentication Restrict to OU provides a security layer for the SAML Authentication module by restricting site access based on Organizational Unit (OU) attributes sent by the Identity Provider (IdP).

This module is specifically designed for Enterprise environments using Active Directory, allowing administrators to limit site access to specific departments or groups within a large organization without the overhead of managing individual Drupal roles for every user.

Features

  • Restrict Login Toggle: A master switch that allows you to enable or disable the restriction logic globally without losing your settings.
  • Distinguished Name (DN) Parsing: Automatically extracts multiple OU values from complex DN strings commonly sent by Active Directory (e.g., CN=user,OU=Marketing,OU=Users...).
  • Strict Mode: Optionally require that a user belongs to all listed OUs rather than just one (AND vs OR logic).
  • Customizable Access Denied Message: Control the exact message shown to rejected users, with support for basic HTML markup to ensure visibility.

Requirements

This module requires the SAML Authentication module.

Installation

Install as you would normally install a contributed Drupal module. For further information, see Installing Drupal Modules.

Configuration

The configuration form is located at:

/admin/config/people/saml-restrict

From the configuration form you can:

  • Restrict Login to OUs: Enable the master toggle to begin enforcing restrictions.
  • SAML Attribute Name: Set this to the attribute containing your OU data. In most AD setups, this is dn.
  • Allowed OUs: Enter the names of authorized OUs, one per line (e.g., Staff, Faculty, Marketing). This check is case-insensitive to ensure reliable matching across directory updates. Do not include "ou=" prefixes.
  • Strict Mode: Check this if a user must be a member of every OU listed to gain access.
  • Access Denied Message: Customize the message displayed to users who are rejected. Basic HTML like <strong> and <p> is supported.

Activity

Total releases
6
First release
Apr 2026
Latest release
4 hours ago
Release cadence
0 days
Stability
83% stable

Release Timeline

Releases

Version Type Release date
1.0.4 Stable Apr 10, 2026
1.0.3 Stable Apr 10, 2026
1.0.2 Stable Apr 10, 2026
1.x-dev Dev Apr 10, 2026
1.0.1 Stable Apr 10, 2026
1.0.0 Stable Apr 10, 2026