> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bronto.io/llms.txt
> Use this file to discover all available pages before exploring further.

# SSO Role Mapping

> Map SAML attributes from your identity provider to Bronto user roles so user permissions are provisioned automatically from your IdP.

## Prerequisites

In order to set up role mapping, you must first create an attribute mapping to **custom:member\_of** in at least one of your IdPs. This can be done when creating a new IdP or by editing an existing one. Go to the [SSO Overview](/Account-Management/SSO/SSO-Overview) for more information on creating an IdP.

## Map SAML attributes to Bronto Roles

1. Go to **Settings**, open **Authentication**, and click the **SAML Role Mappings** tab.

**NOTE:** If the role mappings list is not visible, you likely don't have the **custom:member\_of** attribute mapping configured in your IdPs. Verify this is configured, and contact support in case of any issues.

1. Click the **+ New Mapping** button in the top right corner to begin creating new role mappings. A popup should appear.

2. In the popup, fill in the possible value of the **custom:member\_of** attribute and the appropriate Bronto role from the dropdown. Each user with a matching value, will be given the corresponding role.

3. If you wish, you can use the **add new row** button to configure multiple mappings in one go.

4. Press **Create** to create and enable the mappings.

5. If you wish to edit an existing mapping, hover over it in the list and press the pencil(**Edit**) button.

<Note>
  If you configure multiple mappings with the same value, only the latest one will be in effect.
</Note>

When a user with a specified identity provider attribute logs in, they will be given the appropriate Bronto role. Likewise if the attribute is removed, their role will also be removed.

<Warning>
  If a user doesn't match any attribute mappings, they will be given the **Standard** role by default.
</Warning>
