This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Pairing IdP Attributes with Looker User Attributes

on ‎05-07-2021 09:00 AM

LookerExperts
Staff
0 0 246
Knowledge Drop

Last tested: Oct 3, 2019
 

You can pair IdP attributes to Looker user attributes in order to get user-specific settings into Looker (for example if you're using a parametrized connection or access grants). This can be helpful if you already have attributes set in IdP that you want to use in Looker, or would prefer to set permissions like this in IdP rather than Looker, so the IdP can act as the single source of role truth.

Example

For example, you might have a SAML attribute set in your IdP for department which takes on the values finance, sales, or marketing. In Looker, you may require only the finance department to see the payroll values of the organization.

In order to make oversight of this user attribute more seamless, you can map a Looker user attribute to the department SAML attribute. Here are the steps:

  1. Create a new user attribute in Looker. (If you have an existing user attribute in Looker that you want to map to the SAML attribute, then you can skip this step!)
    1. In this example, we'll create a user attribute called dept . The options for "User Access" and "Hide Values" are not important.
  2. Pair the SAML user attribute to the Looker user attribute. When we're done, this example should look like this (in the Admin > SAML settings page):
    Screen Shot 2019-10-28 at 12.02.44 PM.png
     

This content is subject to limited support.                

Topic Labels
0 Likes
Version history
Last update:
‎05-07-2021 09:00 AM
Updated by: