Smartstaff
1,385
edits
Changes
→Expected Behaviour for Role Mapping
==Expected Behaviour for Role Mapping==
<!--Ticket#124791 - SSO to update roles for existing users for a fully federated SSO-->
'''Scenerio 1: ''User Access Mapping'' set to ''Disabled'' / ''Create New User'' on ''No Match'' is ''OFF'''''
* User will not be created if user does not exist in the SmartSimple instance
* Only existing users in the SmartSimple instance will be able to login and no role/status updates for existing users
'''Scenerio 2: ''User Access Mapping'' set to ''Disabled'' / ''Create New User'' on ''No Match'' is ''ON'' '''
* User will be created with default new user role / default new user status settings if users does not exist in the SmartSimple instance
* No role updates based on default new user role / default new user status if user exists
'''Scenerio 3: ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''OFF'' / No Assertion defined '''
* User will not be created if user does not exist in the SmartSimple instance
* No role updates if accessing SSO with existing users
'''Scenerio 4: ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''OFF'' / Assertion is defined '''
* User will not be created if user does not exist in the SmartSimple instance
* No role updates if accessing with existing account
* No role updates if it is not referenced in the defined assertion
* Role updates if accessing with existing account only if they are defined in the ''User Roles Assertion Mapping''. Role update will be based on the mappings defined under ''Mapping''.
'''Scenerio 5: ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''ON'' / No Assertion defined'''
* User will be created with default new user role / default new user status settings if user does not exist in the SmartSimple instance
* No role updates if accessing with existing account that does not have roles defined in the ''User Roles Assertion Mapping''
'''Scenerio 6: ''User Access Mapping'' set to ''Enabled'' / ''Create New User'' on ''No Match'' is ''ON'' / Assertion is defined '''
* User will be created with roles defined in the assertion if user does not exists in the SmartSimple instance and assertion roles are defined in the ''User Roles Assertion Mapping''
* User role updates based on the defined assertion if accessing with existing accounts that has roles defined in the assertion
* No role updates if accessing with existing accounts that has no roles defined in the assertion or if roles in assertion was not mapped in the ''User Roles Assertion Mapping''
'''Scenerio 7: ''User Access Mapping'' set to ''Classic Mode'' / ''Create New User'' on ''No Match'' is ''ON'' / No Assertion is defined'''
* User will be created with default new user role / default new user status settings if user does not exist in the SmartSimple instance
* No role updates if accessing with user account that already exists in the SmartSimple instance
'''Scenerio 8: ''User Access Mapping'' set to ''Classic Mode'' / ''Create New User'' on ''No Match'' is ''ON'' / Assertion is defined'''
* User will be created with roles defined in the assertion if user does not exist in the SmartSimple instance and assertion roles are defined in the ''User Roles Assertion Mapping''
* User will be created with default new user role / default new user status settings if user does not exists in the SmartSimple instance and if assertion roles do not exist in the ''User Roles Assertion Mapping''
* When Access Mapping is set to Classic Mode and there is no mapping section, role updates will only happen in user creation and the roles in assertion has to have the same user role names matching value with the SmartSimple role names.
