Knowledge Drop

Turning off Group to Role Mapping on SAML / LDAP

Userlevel 5

Last tested: Feb 6, 2020

If you turn off group to role mapping but continue to use SAML / LDAP as your auth method, you may run in to an issue with permissions due to shadow groups persisting after this option is turned off. If you're lowering permissions for some users, they may still have the elevated permissions due to the shadow groups.

You can turn back on group to role mapping with lower permissions to ensure that users don't get permissions you don't intend (though make sure you've turned on alternate login for specified users so Admins don't lose privileges and get locked out!)


This content is subject to limited support.                



0 replies

Be the first to reply!