Skip to main content

Tutorial: How to Set SAML for Specific Users and Groups

Abstract

Access Server provides granular access control, including the ability to authenticate with SAML for specific users and groups. Here's how to set it up.

Overview

You can allow specific users and groups to sign in through SAML without setting it as the default authentication method for all of your Access Server users. Before you can do this, you must first configure SAML. Once you’ve configured and enabled SAML, you will have the option to add users and groups and configure them to use the SAML authentication system.

Prerequisites

  • SAML is configured in the Admin Web UI with your IdP.

  • You have users or groups added in the Admin Web UI.

Set SAML auth method for users or groups

  1. Sign in to your Admin Web UI.

  2. Click Authentication > SAML and ensure you have the information saved for your IdP. (Ensure you've correctly configured SAML with your IdP first.)

  3. Enable SAML by clicking the toggle for Enable SAML authentication.

  5. Assign it to users or groups:

    • For users: Click User Management > User Permissions, click More Settings, and select SAML under Auth method.

    • For groups: Click User Management > Group Permissions, click More Settings, and select SAML under Auth method.

Important

When adding SAML users to Access Server, remember to enter them in the same format that the IdP uses, which is typically in lowercase format only. This is the format used by SAML assertions.

In this section: