SAML Mappings
SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP), such as Okta, and a service provider (SP), such as Amorphic Data Cloud. In Amorphic Data Cloud, users and API calls are authenticated using Cognito. The authentication token received has the user's groups embedded in it. Each of these groups is assigned a role in the Amorphic application, and a user is granted access to a role based on the groups assigned to them in the identity provider (IdP), such as Okta.
Amorphic gives SAML Groups access to application resources through its roles. SAML Groups are groups in the IdP that contain a list of users. To grant the users in a group a certain set of permissions in the Amorphic application, map the group to an application role. To learn more about the roles in the Amorphic application, see Role Based Access Control (RBAC).
What is a SAML Mapping?
A SAML mapping assigns a SAML Group to a role in the Amorphic application. Only an administrator of the Amorphic application has permission to perform this operation.
SAML Mapping Metadata Information
| Field | Description |
|---|---|
| SamlGroupId | SAML Group name, which the administrator has to enter manually. |
| RoleId | Id of the role that will be used by the users of the group. The administrator selects the name of the role from the drop-down. |
| CreationTime | Timestamp when the mapping was created. |
| CreatedBy | Administrator who created the mapping. |
SAML Mapping Operations
An administrator of the Amorphic application can add a new mapping, or edit or delete an existing mapping.
- Add New Mapping: Add a new mapping by entering a SAML group name and choosing a role name from the drop-down.
- Edit Mapping: Edit an existing mapping.
- Delete Mapping: Delete an existing mapping.
Add New Mapping
You can add a new mapping in the Amorphic application by using the "Add New Mapping" functionality.
To add a new mapping, you need to be an administrator of the application. Below is the image that shows how to add a new mapping.
Edit Mapping
You can edit an existing mapping. You can change the role associated with a group, but not the group itself. To change the group name, delete the existing mapping and add a new one.
Below is the image that shows how to edit a mapping.
Delete Mapping
You can delete an existing mapping.
Below is the image that shows how to delete a mapping.
Below are some important points that the Amorphic administrator needs to keep in mind when a mapping is added or deleted.
- If a user is part of a SAML group that is mapped to an application role the user already has access to, the user will lose access to that role when the mapping is deleted or when the user is removed from the SAML group.
- The only exception is the default-role: if a SAML group is mapped to the default-role and the user is removed from the SAML group, or the mapping is deleted in the Amorphic application, the user will not lose access to the default-role. Had it been any other role, they would have lost access to it.
- If a user makes a /users/{id} call for themselves using a PAT token, the user will be removed from the role attached to their SAML mapping.
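The following is an added illustration (not Amorphic's own code) of how group claims in the token resolve to roles through SAML mappings, and of the revocation rules above, including the default-role exception. It assumes the token carries groups in Cognito's `cognito:groups` claim and that mapping records use the `SamlGroupId`/`RoleId` fields from the table; the token built here is a constructed, unsigned sample.

```python
# Added illustration of the SAML group -> role rules on this page (not Amorphic code).
# Assumptions: group membership is in the "cognito:groups" claim (Cognito's standard
# claim) and mappings use the SamlGroupId/RoleId keys from the metadata table.
import base64
import json

DEFAULT_ROLE = "default-role"  # per the page, never revoked by a mapping change


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_id_token(groups):
    """Constructed, unsigned JWT-shaped sample for offline testing only."""
    header = _b64url(b'{"alg":"none","typ":"JWT"}')
    payload = _b64url(json.dumps({"sub": "u-123", "cognito:groups": groups}).encode())
    return f"{header}.{payload}."


def groups_from_id_token(id_token: str) -> set:
    """Read the group claim. Signature verification is assumed to happen
    upstream (Cognito / API Gateway); this only decodes the payload segment."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("cognito:groups", []))


def roles_for(groups, mappings):
    """Roles a user should hold given their IdP groups and the SAML mappings."""
    return {m["RoleId"] for m in mappings if m["SamlGroupId"] in groups}


def reconcile(current_roles, previously_mapped, now_mapped):
    """Grant newly mapped roles; revoke roles whose mapping or group membership
    went away, except the default role (the exception the page describes)."""
    grant = now_mapped - set(current_roles)
    lost = (previously_mapped - now_mapped) & set(current_roles)
    return grant, lost - {DEFAULT_ROLE}


def demo():
    mappings = [{"SamlGroupId": "data-engineers", "RoleId": "etl-role"},
                {"SamlGroupId": "analysts", "RoleId": DEFAULT_ROLE}]
    before = roles_for(groups_from_id_token(sample_id_token(["data-engineers", "analysts"])), mappings)
    # Admin deletes the analysts mapping and the IdP removes the user from data-engineers.
    mappings = [m for m in mappings if m["SamlGroupId"] != "analysts"]
    after = roles_for(groups_from_id_token(sample_id_token([])), mappings)
    return reconcile(current_roles=before, previously_mapped=before, now_mapped=after)
```

Running `demo()` shows that etl-role is revoked while default-role is retained, matching the exception described above.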