Add users and groups with SAML SSO
- Applies to: All MindTouch Versions
- Role required: Admin
Prerequisites
- Understand how SAML SSO authentication may affect your workflows
- Admin access to Expert
Set up your Expert users and groups
Once SAML is enabled, the IdP becomes authoritative for group membership. Users must be added to groups within the IdP; their group membership cannot be managed locally in Expert.
- Set up users in your IdP. Refer to your IdP's instructions to create your SSO users and groups.
- Create your user groups in Expert.
In Expert, create the same groups you created through your IdP. Make sure to name the groups exactly as they appear in your IdP. If you created a group called "Employees" in your IdP, create a group called "Employees" in Expert.
You do NOT have to manually add users to the Expert groups you create. Users are automatically synced to their appropriate groups the next time they log in to Expert. To ensure synchronization, ask your users to log out and then log back in to Expert after you update group memberships in your IdP.
- Verify user access. Tell your users to log in to Expert with their SSO credentials and verify they have access.
Users are added to Expert as community members by default. If you want your users to contribute to your content, you must change the users to pro members in the control panel. Pro members who were assigned to groups in your IdP take on the role assigned to the group in Expert.
Troubleshooting tips
A user cannot log in to Expert but has SSO credentials
Verify the user was created in your IdP.
A user can log in to Expert, but cannot access a specific section
- Verify the user belongs to the appropriate group.
- Verify the group name in Expert and the IdP is exactly the same.
- Verify the group is permissioned to access the section.
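To check the group-name point above, the following added example (not from the MindTouch documentation) compares the group values in a decoded SAML assertion with the group names created in Expert and flags names that look the same but are not identical. It assumes your IdP sends groups in an attribute named `groups` and that the Expert names were copied by hand from the control panel; both samples are constructed.

```python
import unicodedata
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "groups"  # assumption: the attribute name your IdP uses for groups

# Constructed sample: attribute statement from a decoded SAML assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Employees</saml:AttributeValue>
      <saml:AttributeValue>Support Agents </saml:AttributeValue>
      <saml:AttributeValue>contractors</saml:AttributeValue>
      <saml:AttributeValue>Partners</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed sample: group names as typed into Expert.
EXPERT_GROUPS = ["Employees", "Support Agents", "Contractors"]


def idp_groups(assertion_xml, attr_name=GROUP_ATTR):
    """Return group values exactly as the IdP sent them (whitespace preserved)."""
    # Diagnostic only: no signature validation; use on your own test login's assertion.
    root = ET.fromstring(assertion_xml)
    path = f".//saml:Attribute[@Name='{attr_name}']/saml:AttributeValue"
    return [el.text or "" for el in root.findall(path, SAML_NS)]


def _fold(name):
    """Normalize away differences in case, edge whitespace and Unicode form."""
    return unicodedata.normalize("NFKC", name).strip().casefold()


def compare_groups(idp, expert):
    """Classify each IdP group as an exact match, a near miss, or missing in Expert."""
    folded = {_fold(g): g for g in expert}
    report = {"exact": [], "near_miss": [], "missing": []}
    for g in idp:
        if g in expert:
            report["exact"].append(g)
        elif _fold(g) in folded:
            report["near_miss"].append((g, folded[_fold(g)]))
        else:
            report["missing"].append(g)
    return report
```

Call `compare_groups(idp_groups(SAMPLE_ASSERTION), EXPERT_GROUPS)` to get the report. Each `near_miss` pair is a name to correct so both sides match exactly, and each `missing` entry is an IdP group with no counterpart in Expert.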