Add users and groups with SAML SSO

Last updated
Save as PDF

Applies to:: All versions
Role required:: Admin

Prerequisites

Understand how SAML SSO authentication may affect your workflows
Admin access to NiCE KM

Set up your NiCE KM users and groups

Once SAML is enabled, the IdP becomes authoritative for group membership. Users must be added to groups within the IdP and cannot be managed locally in NiCE KM.

Set up users in your IdP. Refer to your IdP's instructions to create your SSO users and groups.
Create your user groups in NiCE KM.

In NiCE KM, create the same groups you created through your IdP. Make sure to name the groups exactly as they appear in your IdP. If you created a group called "Employees" in your IdP, create a group called "Employees" in NiCE KM.

You do NOT have to manually add users to NiCE KM groups you create. Users are automatically synced to their appropriate groups the next time they log in to NiCE KM. To ensure synchronization, ask your users to log out and then log back into NiCE KM after updating your group memberships in your IdP.
Verify user access. Tell your users to log in to NiCE KM with their SSO credentials and verify they have access.

Users are added into NiCE KM as community members by default. If you want your users to contribute to your content, you must change the users to pro members in the control panel. Pro members that were assigned to groups in your IdP, take on the role assigned to the group in NiCE KM.

Troubleshooting tips

A user cannot log in to NiCE KM but has SSO credentials
Verify the user was created in your IdP.

A user can log in to NiCE KM, but cannot access a specific section

Verify the user belongs to the appropriate group
Verify the group name in NiCE KM and the IdP is exactly the same
Verify the group is permissioned to access the section.