Add users and groups with SAML SSO
- Applies to: All MindTouch Versions
- Role required: Admin
Prerequisites
- Understand how SAML SSO authentication may affect your workflows
- Admin access to MindTouch
Set up your MindTouch users and groups
Once SAML is enabled, the IdP becomes authoritative for group membership. Users must be added to groups within the IdP and cannot be managed locally in MindTouch.
- Set up users in your IdP. Refer to your IdP's instructions to create your SSO users and groups.
- Create your user groups in MindTouch.
In MindTouch, create the same groups you created through your IdP. Make sure to name the groups exactly as they appear in your IdP. If you created a group called "Employees" in your IdP, create a group called "Employees" in MindTouch.
You do NOT have to manually add users to the MindTouch groups you create. Users are automatically synced to their appropriate groups the next time they log in to MindTouch. To ensure synchronization, ask your users to log out and then log back in to MindTouch after you update group memberships in your IdP.
- Verify user access. Tell your users to log in to MindTouch with their SSO credentials and verify they have access.
Users are added to MindTouch as community members by default. If you want your users to contribute to your content, you must change them to pro members in the control panel. Pro members who were assigned to groups in your IdP take on the role assigned to the group in MindTouch.
Troubleshooting tips
A user can't log in to MindTouch but has SSO credentials
Verify the user was created in your IdP.
A user can log in to MindTouch, but can't access a specific section
- Verify the user belongs to the appropriate group.
- Verify the group name in MindTouch and the IdP is exactly the same.
- Verify the group has permission to access the section.
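One way to check the "exactly the same name" requirement from the setup steps and the troubleshooting tips, as an added example (not MindTouch or IdP tooling). It assumes you have copied the group names from your IdP and from MindTouch into two lists; the function names and sample group names are hypothetical.

```python
import unicodedata

def _fold(name):
    # Normalise Unicode form, collapse whitespace and ignore case, so names
    # that differ only in those respects can be reported as near-misses.
    return " ".join(unicodedata.normalize("NFKC", name).split()).casefold()

def compare_groups(idp_groups, mindtouch_groups):
    """Compare IdP group names against MindTouch group names.

    Returns (exact, near_misses, missing):
      exact       - names identical, character for character, on both sides
      near_misses - (idp_name, mindtouch_name) pairs that look alike but are
                    not exactly the same (case, spacing, Unicode form)
      missing     - IdP groups with no MindTouch counterpart at all
    """
    mt_exact = set(mindtouch_groups)
    mt_folded = {}
    for name in mindtouch_groups:
        mt_folded.setdefault(_fold(name), []).append(name)

    exact, near_misses, missing = [], [], []
    for name in idp_groups:
        if name in mt_exact:
            exact.append(name)
        elif _fold(name) in mt_folded:
            near_misses.extend((name, cand) for cand in mt_folded[_fold(name)])
        else:
            missing.append(name)
    return exact, near_misses, missing

# Constructed sample data (assumption: names exported by hand from each side).
IDP_GROUPS = ["Employees", "Support Agents", "Contractors", "Partners"]
MINDTOUCH_GROUPS = ["Employees", "support agents", "Contractors ", "Admins"]

if __name__ == "__main__":
    exact, near_misses, missing = compare_groups(IDP_GROUPS, MINDTOUCH_GROUPS)
    for n in exact:
        print(f"OK        {n!r}")
    for idp, mt in near_misses:
        print(f"MISMATCH  IdP {idp!r} vs MindTouch {mt!r}")
    for n in missing:
        print(f"MISSING   {n!r} has no MindTouch group")
```

Names are printed with `repr` so that a trailing space or other invisible difference shows up in the output.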