Changes

Single Sign-On

1,999 bytes removed, 9 December
Expected Behaviour for Role Mapping
==Expected Behaviour for Role Mapping==
<!--Ticket#124791 - SSO to update roles for existing users for a fully federated SSO-->
 '''Scenerio 1:  ''User Access '<br />'''''Role Mapping'''''''' set to ''''''''Disabled'''''''' / ''''''''Create New User'''''''' on ''''''''No Match'' is '''''' is ''''''''OFF''''' 
* User will not be created if user does not exist in the SmartSimple instance
* Only existing users in the SmartSimple instance will be able to login and no role/status updates for existing users
<br />'''''Role Mapping ''''''''set to ''''''''Disabled'''''''' / ''''''''Create New User'''''''' on ''''''''No Match'''''''' is ''''''''ON''''''''  '''
* '''Scenerio 2:  ''Define User Access Mapping'' set to ''Disabled'' / ''Create New User'' on ''No Match'' Roles Through Custom Attribute is OFF''ON''  ''' * User will be created with default new user role / default new user status settings if users does not exist in the SmartSimple instance* No role updates based on default new user role / default new user status if user exists  '''Scenerio 3:  ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''OFF'' / No Assertion defined  ''' * User should not be created on the system if not already created when using SSO to access system* User should see no role updates if accessing with existing account that does not have of the roles defined in the Roles controlled by Assertion* User should see role updates if accessing with existing account that does have roles defined in the Roles controlled by Assertion. The change will be based on the Mappings defined.  '''Scenerio 4:  ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''OFF'' / Assertion is defined  ''' * User will not be created if user does not exist in the SmartSimple instance* No role updates if accessing with existing account* No role updates if it is not referenced in the defined assertion* Role updates if accessing with existing account only if they are defined in the ''User Roles Assertion Mapping''. Role update will be based on the mappings defined under ''Mapping''.  '''Scenerio 5:  ''Define User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''Roles Through Custom Attribute is ON''  / No Assertion defined''' * User will be created with default new user role / default new user status settings if user does not exist in the SmartSimple instance* No role updates if accessing with existing account that does not have roles defined listed in the 'SSO assertion 'User Roles Assertion Mapping''  '''Scenerio 6:  ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''ON'' / Assertion is defined  ''* User will be created with roles defined in the assertion if user users does not exists exist in the SmartSimple instance and assertion roles are defined in the ''User Roles Assertion Mapping''* User  (role updates based on the defined assertion if accessing names should align with existing accounts that has roles defined system role names in the assertioninstance)* No role updates if accessing with existing accounts that has no roles defined in the assertion or if roles in assertion was not mapped in the ''User Roles Assertion Mapping''  '''Scenerio 7:  ''User Access Mapping'' set to ''Classic Mode'' / ''Create New User'' on ''No Match'' is ''ON''  / No Assertion is defined''' * User will be created with default new user role / default new user status settings if user does not exist in the SmartSimple instance* No role updates if accessing with user account that already exists in the SmartSimple instancefor existing users
<br />'''Scenerio 8:  ''User Access Role Mapping'' set to ''Classic Mode'' '' set to ''''''''Enabled'''''''' / ''''''''Create New User'' on '''''' on ''''''''No Match'' is ''ON''  / Assertion '' is defined''''''''OFF'''''
* '''''Create New User will '''''''' on ''''''''No Match'''''''' is ''''''''OFF''''' User should not be created with roles defined in on the assertion system if user does not exist in the SmartSimple instance and assertion roles are defined in the already created when using SSO to access system* '''''Create New User Roles Assertion Mapping''* '''''' on ''''''''No Match'''''''' is ''''''''ON''''' User will be created with default new user role / default new user status settings if user does not exists exist in the SmartSimple instance and if assertion * Existing users: no change for existing roles do not exist in the that are '''NOT''' within the list of "'''User Roles Assertion Mappingto be Monitored'''"* When Access Existing users: roles that are in the list of "'''Roles to be Monitored'''" will be updated, based on Role Mapping is set to Classic Mode and there is no mapping section, role updates the user will only happen in user creation be provisioned with all the roles as defined by the assertion attributes, and the will be stripped of any roles that they may currently possess that are listed in this setting but were not defined in the assertion has to have the same user role names matching value with the SmartSimple role namesattributes.
==Example of SSO configuration in SmartSimple==
Smartstaff
136
edits