
Tutorial: How to Set SAML for Specific Users and Groups

Abstract

Access Server provides granular access control, including the ability to authenticate with SAML for specific users and groups. Here's how to set it up.

Overview

You can allow specific users and groups to sign in through SAML without setting it as the default authentication method for all of your Access Server users. Before you can do this, you must first configure SAML. Once you’ve configured and enabled SAML, you will have the option to add users and groups and configure them to use the SAML authentication system.

  • SAML is configured in the Admin Web UI with your IdP.

  • You have users or groups added in the Admin Web UI.

  1. Sign in to your Admin Web UI.

  2. Click Authentication.

  3. Click the SAML tab and ensure you have the information saved for your IdP. (Ensure you've correctly configured SAML with your IdP first.)

  4. Enable SAML by clicking Enabled for Enable SAML authentication, then click Save and Restart.

  5. You can now assign SAML to users or groups:

    • For users: Click Users, then click on the individual user, and select SAML from the Auth method drop-down.

    • For groups: Click Groups, then click on the specific group, and select SAML from the Auth method drop-down.

    Tip

    You may need to uncheck Use default setting to change the user or group auth method.

  6. After changing a user or group authentication method, click Save and Restart.

Important

When adding SAML users to Access Server, enter each username in the same format that the IdP uses, which is typically all lowercase. This is the format that appears in SAML assertions.
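The following added example (not part of the original tutorial or Access Server itself) shows one way to check usernames against the format in an assertion before entering them in the Admin Web UI. It assumes the username is carried in the assertion's Subject NameID. The sample assertion, the usernames, and the function names `name_id` and `audit_usernames` are constructed for illustration, and the script only reads the XML without validating its signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustration only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>
"""

def name_id(assertion_xml):
    """Return the Subject NameID text from a SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    node = root.find("./saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    return node.text.strip()

def audit_usernames(configured, idp_names):
    """Map each configured username to (status, name as the IdP sends it)."""
    exact = set(idp_names)
    folded = {}
    for name in idp_names:
        folded.setdefault(name.casefold(), name)
    report = {}
    for user in configured:
        if user in exact:
            report[user] = ("ok", user)
        elif user.casefold() in folded:
            # Same identity, different letter case: re-enter it as the IdP sends it.
            report[user] = ("case-mismatch", folded[user.casefold()])
        else:
            report[user] = ("not-in-idp", None)
    return report

if __name__ == "__main__":
    idp = [name_id(SAMPLE_ASSERTION), "bob@example.com"]  # constructed IdP names
    planned = ["alice@example.com", "Bob@Example.com", "carol@example.com"]
    for user, (status, fix) in audit_usernames(planned, idp).items():
        print(f"{user:20} {status:14} {fix or ''}")
```
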