ScreenSteps supports user group assignment via the SAML Assertion that an IDP sends to ScreenSteps when a user logs in. To turn this feature on the Manage each user's groups through IDP checkbox needs to be checked in the Identity Provider (IDP) configuration in ScreenSteps.
When using this feature the groups assigned when logging in from the IDP will be the only groups the user is associated with. If you manually add the user to other groups in ScreenSteps they will be removed from the groups the next time they log in.
You can include the group names in the
The attribute can contain one or more
<AttributeValue> elements with a group name. Here is an example that would make sure the user belongs to the Call Center Agents and Call Center Agent Administrator groups each time they log in.
<Assertion ...> <AttributeStatement> ... <Attribute Name="http://schemas.xmlsoap.org/claims/Groups"> <AttributeValue>Call Center Agents</AttributeValue> <AttributeValue>Call Center Agent Administrator</AttributeValue> </Attribute> ... </AttributeStatement> </Assertion>
Any groups listed in this attribute will be combined with the group associated with the IDP in the User Properties tab of the IDP configuration in ScreenSteps. In the example above the user would end up being associated with three different groups each time they log in.