This page contains legacy documentation with screenshots matching older versions of Kantega SSO Enterprise than 5.3, which introduced some new changes to these settings.
Introduction
Kantega SSO allow Atlassian applications to read user permission data as a part of SAML and OpenID Connect (OIDC) login flows. The handling of these permissions can be both managed and auto created.
See also
| Page Tree | ||||
|---|---|---|---|---|
|
When using managed groups
When a group is configured as managed in Kantega SSO, the following will happen when a user is logged in:
...
Only groups which are explicitly configured as managed by Kantega SSO will be affected by this feature. All other groups are ignored, so you will still be able to manage some groups locally if you wish.
When using auto create groups
...
Auto created groups when enabled will create all groups and assign users to all claims included by the identity provider in the SAML or OIDC response.
You may also enable to remove memberships from user that does not exist in the incoming claim. In this way all group memberships that your identity provider has for a given user will be synchronized on each login.
Configuring the identity provider
The first step is configuring the IDP to include group claims in authentication response messages (SAML) or UserInfo endpoint response (OIDC) when users log in. This is typically done in the IDP's administration console and depends on the IDP. We have included guides for some frequently requested IDPs. You may also consult your IDP's documentation or ask their support directly.
| Page Tree | ||||
|---|---|---|---|---|
|
Test that the IDP is sending group claims
Once the identity provider is configured, run a SAML authentication test to verify that the identity provider actually sends the expected group claims. If group claims are detected, the test page will notify you of this and provide options for further configuration.
...