This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Turning off Group to Role Mapping on SAML / LDAP

on ‎07-07-2021 01:59 PM

LookerExperts
Staff
0 0 62
Knowledge Drop

Last tested: Feb 6, 2020
 

If you turn off group to role mapping but continue to use SAML / LDAP as your auth method, you may run in to an issue with permissions due to shadow groups persisting after this option is turned off. If you're lowering permissions for some users, they may still have the elevated permissions due to the shadow groups.

You can turn back on group to role mapping with lower permissions to ensure that users don't get permissions you don't intend (though make sure you've turned on alternate login for specified users so Admins don't lose privileges and get locked out!)

This content is subject to limited support.                

Topic Labels
0 Likes
Version history
Last update:
‎07-07-2021 01:59 PM
Updated by: