SSO Role Mapping
Overview
With Bronto, you can map the attributes in your Identity Provider's (IdP) response to Bronto user roles.
Setting up a mapping from SAML attributes to Bronto roles allows you to manage the user roles solely in your identity provider. Bronto then provisions the users according to the mappings you set up.
Prerequisites
To set up role mapping, you must first create an attribute mapping to custom:member_of in at least one of your IdPs. This can be done when creating a new IdP or by editing an existing one. Go to the SSO Overview for more information on creating an IdP.
Map SAML attributes to Bronto Roles
- Go to Organization Settings and click the Role Mappings tab.
NOTE: If the role mappings list is not visible, you likely don't have the custom:member_of attribute mapping configured in your IdPs. Verify this is configured, and contact support in case of any issues.
- Click the + New Mapping button in the top right corner to begin creating new role mappings. A popup should appear.
- In the popup, fill in the possible value of the custom:member_of attribute and the appropriate Bronto role from the dropdown. Each user with a matching value will be given the corresponding role.
- If you wish, you can use the add new row button to configure multiple mappings in one go.
- Press Create to create and enable the mappings.
- If you wish to edit an existing mapping, hover over it in the list and press the pencil (Edit) button.
NOTE: If you configure multiple mappings with the same value, only the latest one will be in effect.
When a user with a specified identity provider attribute logs in, they will be given the appropriate Bronto role. Likewise, if the attribute is removed, their role will also be removed.
If a user doesn't match any attribute mappings, they will be given the Standard role by default.
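The rules above (latest duplicate wins, unmatched users get Standard) can be checked against a planned set of mappings before pressing Create. The following is an added example, not Bronto code: it models the rules in Python so you can see which rows are shadowed and which users would fall back to Standard. Assumptions: rows are listed in creation order, each user sends a single custom:member_of value, values are compared as exact strings, a missing attribute counts as no match, and every role name except Standard is a hypothetical placeholder.

```python
DEFAULT_ROLE = "Standard"  # role the page gives to users who match no mapping

# Constructed sample data. Role names other than "Standard" and all group
# values are hypothetical placeholders. Rows are listed in creation order.
SAMPLE_ROWS = [
    ("eng-admins", "ExampleAdmin"),
    ("eng-users", "ExampleViewer"),
    ("eng-admins", "ExampleViewer"),  # same value again: replaces row 0
]
# user -> custom:member_of value sent by the IdP (None = attribute absent)
SAMPLE_USERS = {
    "alice": "eng-admins",
    "bob": "eng-users",
    "carol": "contractors",
    "dave": None,
}


def effective_mappings(rows):
    """Return (value -> role in effect, rows shadowed by a later duplicate)."""
    latest = {}
    shadowed = []
    for index, (value, role) in enumerate(rows):
        if value in latest:
            old_index, old_role = latest[value]
            shadowed.append((old_index, value, old_role))
        latest[value] = (index, role)
    return {value: role for value, (_, role) in latest.items()}, shadowed


def audit(rows, users):
    """Resolve each user's role and list who falls back to the default."""
    effective, shadowed = effective_mappings(rows)
    roles, fallback = {}, []
    for user, member_of in users.items():
        # Assumption: values are compared as exact strings.
        if member_of in effective:
            roles[user] = effective[member_of]
        else:
            roles[user] = DEFAULT_ROLE
            fallback.append(user)
    return {"shadowed": shadowed, "roles": roles, "fallback": fallback}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_ROWS, SAMPLE_USERS).items():
        print(key, value)
```

A non-empty shadowed list means an earlier row no longer has any effect, and the fallback list shows which accounts will receive Standard because their attribute value has no mapping.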