SAML Group Mapping

With SAML authentication, users can connect to your Access Server with their SAML credentials and get access to resources. You can configure access control rules to apply globally to all users, or on a per-user and per-group basis. Normally, the server administrator assigns users to groups, but you can automate group assignments.

After successful authentication, the Access Server can run a post-auth (post-authentication) script written in Python 3 to perform additional tasks. We provide a post-auth script that reads a SAML group membership attribute sent by the IdP and uses it to automatically assign the user to a group in Access Server. Ensure you define these group mappings in the post-auth script and configure the SAML IdP to send the group information to the Access Server in the SAML assertion.
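
The mapping step described above, as an added example (not the post-auth script that ships with Access Server): it assumes the group attribute has already been read from the SAML assertion, and the group names, `GROUP_MAP`, `normalize_groups` and `resolve_group` are hypothetical. It shows exact-match mapping with a fixed precedence and a fail-closed default for users whose IdP groups are not mapped.

```python
# Added example: mapping logic only. All names and values are constructed.
# (IdP group value, Access Server group name); the first matching entry wins,
# so list the entries in the order of precedence you want.
GROUP_MAP = [
    ("vpn-admins", "Administrators"),
    ("engineering", "Engineers"),
    ("contractors", "Restricted"),
]


def normalize_groups(raw):
    """Return the IdP group attribute as a set of trimmed, lower-cased strings.

    An IdP may send one value or several. A bare string is treated as a single
    value and is not split on commas, because group values that are LDAP DNs
    (CN=...,OU=...) contain commas themselves.
    """
    if raw is None:
        return set()
    if isinstance(raw, str):
        raw = [raw]
    return {str(v).strip().lower() for v in raw if str(v).strip()}


def resolve_group(raw_groups, group_map=GROUP_MAP, default=None):
    """Pick one Access Server group for a user, or `default` if none match.

    Matching is exact, never substring or prefix, so an IdP group named
    "not-vpn-admins" does not hit the "vpn-admins" entry. Walking group_map in
    order makes the result independent of the order the IdP lists the values.
    """
    member_of = normalize_groups(raw_groups)
    for idp_group, as_group in group_map:
        if idp_group.lower() in member_of:
            return as_group
    return default


if __name__ == "__main__":
    # Constructed sample attribute values, one per user.
    samples = {
        "alice": ["Engineering", "vpn-admins"],
        "bob": "contractors ",
        "carol": ["not-vpn-admins"],
        "dave": None,
    }
    for user, groups in samples.items():
        print(user, "->", resolve_group(groups))
```

A `None` result means no mapping matched; whether that user is denied or falls back to the server's default access rules is a policy choice to make explicitly in the post-auth script.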