Skip to main content

Tutorial: How to Set SAML for Specific Users and Groups

Abstract

Access Server allows granular access control including authenticating with SAML for specific users and groups. Here's how to set it up.

Overview

You can allow specific users and groups to sign in through SAML without setting it as the default authentication method for all of your Access Server users. Before you can do this, you must first configure SAML. Once you’ve configured and enabled SAML, you will have the option to add users and groups and configure them to use the SAML authentication system.

Prerequisites

  • SAML is configured in the Admin Web UI with your IdP.

  • You have users or groups added in the Admin Web UI.

Set SAML auth method for users or groups

  1. Sign in to your Admin Web UI.

  2. Click Authentication > SAML and ensure you have the information saved for your IdP. (Ensure you've correctly configured SAML with your IdP first.)

  3. Enable SAML by clicking the toggle for Enable SAML authentication.

  5. Assign it to users or groups:

    • For users: Click User Management > User Permissions, click More Settings, and select SAML under Auth method.

    • For groups: Click User Management > Group Permissions, click More Settings, and select SAML under Auth method.

Important

When you add SAML users to Access Server, remember to add them in the same format that the IdP uses, which is normally in lower-case format only. This is the format that SAML assertions use.

In this section: