Drupal is a registered trademark of Dries Buytaert
drupal 11.3.8 Update released for Drupal core (11.3.8)! drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! video_embed_field 3.1.0 Minor update available for module video_embed_field (3.1.0). bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). trash 3.0.27 Minor update available for module trash (3.0.27). twig_tweak 4.0.0-alpha2 New alpha version released for module twig_tweak (4.0.0-alpha2). twig_tweak 4.0.0-alpha1 First alpha version released for module twig_tweak (4.0.0-alpha1). node_revision_delete 2.1.1 Minor update available for module node_revision_delete (2.1.1). commerce_paypal 2.1.2 Minor update available for module commerce_paypal (2.1.2). ckeditor5_premium_features 1.8.1 Minor update available for module ckeditor5_premium_features (1.8.1). ckeditor5_plugin_pack 1.5.2 Minor update available for module ckeditor5_plugin_pack (1.5.2). node_revision_delete 2.1.0 Minor update available for module node_revision_delete (2.1.0).
← All modules

sso_connector_permissions

No security coverage
View on drupal.org

Introduction

SSO Connector – Permissions centralizes authorization management across SSO-connected Drupal sites.
It allows an Identity Provider (IdP) to define which roles and access policies users receive on each Service Provider (SP).

This module is intended for organizations that need consistent, auditable permission control across multiple Drupal properties while keeping local sites aligned with central policy.

Features

  • Central role mapping: define SP-specific role assignments from the IdP.
  • Per-user overrides: apply targeted exceptions for individual users.
  • Token-level permission data: enrich SSO token payload with authorization context.
  • Automatic role application on SP: apply mapped roles during SSO user synchronization.
  • Role change propagation: queue/push updates when role state changes at source.
  • Policy extension points: hooks/logic for advanced transfer and synchronization rules.
  • Drupal 10/11 support.

Post-Installation

Configure at:
Administration > Configuration > System > SSO Connector > Permissions.

  • Enable the module on IdP and participating SP sites.
  • Register SP sites and configure role mappings per site.
  • Set optional per-user overrides.
  • Enable automatic apply/push behavior according to your governance model.
  • Validate login flow and resulting role assignments on SPs.

Requirements

  • Drupal: 10 or 11
  • Required: SSO Connector core module
  • Required: Drupal User module

Supporting this Module

Contributions are welcome. Real-world mapping cases, edge-case role transitions, and synchronization feedback are especially valuable for improving centralized authorization reliability.

Activity

Total releases
1
First release
Apr 2026
Latest release
14 hours ago
Release cadence
Stability
0% stable

Releases

Version Type Release date
1.0.0-beta1 Pre-release Apr 26, 2026