The map user groups functionality is configured through the SSO Portal but applies to Cloud Services Portal users only.
The Map Groups section allows you to automatically assign groups from your Identity Provider (IdP) to Cloud Services Portal groups. When a user who belongs to a mapped IdP group signs in, they are automatically assigned the Cloud Services Portal groups defined in this configuration. If the user did not previously have a user account in the Cloud Services Portal, the account is created automatically and assigned groups in your company's Cloud Services Portal account.
To configure user mapping, complete the following:
- Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
- On the 3rd Party IDP page of the Infoblox SSO Portal, go to the Map Groups section and click Configure Group Mapping.
- In the Map Groups dialog box, click Add, and then enter the IdP group name in one of the following text boxes:
  - IDP USER GROUP: For Okta federation.
  - AZURE OBJECT ID: For Azure AD federation.
  - FORGEROCK GROUP NAME: For ForgeRock federation.
Ensure that you enter the IdP group name you configured in your SAML application. You can find the IdP group name or ID at your IdP. Azure AD sends only the groups' Azure Object ID in the SAML assertion, so IdP group names are not used when federating with Azure AD.
The following restrictions apply to the IdP group names:
- The name cannot be empty.
- The length must be less than or equal to 253 characters.
- Valid characters include the following: a-z, A-Z, 0-9, hyphen (-), and period (.).
- Must begin with an alphanumeric character.
- Must end with an alphanumeric character.
If your IdP group names do not meet the above restrictions, you will receive an error when you try to add the group mapping entries.
- From the BloxOne USER GROUP drop-down list, choose the BloxOne user group to map to the IdP user group you entered. You can also use the search option by entering the name of the BloxOne user group to find a match. Repeat this process for each IdP group as necessary to create multiple mappings. You can map multiple IdP groups to a single BloxOne user group.
For example, if you map an IdP user group "idp-group" to a BloxOne user group "ib-ddi-admin", any user who signs in to the Cloud Services Portal and belongs to "idp-group" is automatically added to the "ib-ddi-admin" group.
- Click Save & Close to save the mappings.
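A pre-check for the IdP group name restrictions listed above, so that a planned mapping list can be validated before it is entered in the Map Groups dialog. This is an added example, not Infoblox code: the function names and every sample name other than "idp-group" and "ib-ddi-admin" are constructed, and it assumes the allowed character set is ASCII only.

```python
import string

ALNUM = set(string.ascii_letters + string.digits)
ALLOWED = ALNUM | {"-", "."}
MAX_LEN = 253


def check_idp_group_name(name):
    """Return the rule violations for one IdP group name; an empty list means valid."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"length {len(name)} exceeds {MAX_LEN}")
    bad = sorted(set(name) - ALLOWED)
    if bad:
        problems.append("invalid characters: " + " ".join(repr(c) for c in bad))
    if name[0] not in ALNUM:
        problems.append("must begin with an alphanumeric character")
    if name[-1] not in ALNUM:
        problems.append("must end with an alphanumeric character")
    return problems


def check_mappings(mappings):
    """Return {idp_group: violations} for each planned mapping that would be rejected."""
    rejected = {}
    for idp_group, _bloxone_group in mappings:
        problems = check_idp_group_name(idp_group)
        if problems:
            rejected[idp_group] = problems
    return rejected


# Constructed sample plan: (IdP group name or Azure Object ID, BloxOne user group).
PLANNED = [
    ("idp-group", "ib-ddi-admin"),
    ("11111111-2222-3333-4444-555555555555", "ib-ddi-admin"),  # constructed Object ID
    ("Domain Admins", "ib-ddi-admin"),  # space is not an allowed character
    ("net_ops", "ib-ddi-admin"),        # underscore is not an allowed character
    ("-staging", "ib-ddi-admin"),       # does not begin with an alphanumeric
]

if __name__ == "__main__":
    for group, problems in check_mappings(PLANNED).items():
        print(f"{group!r}: {'; '.join(problems)}")
```

Group display names that contain spaces or underscores fail these rules, while an Azure Object ID in GUID form passes them.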
- After you have configured the SAML application and mapped user groups, you can complete the following configuration:
You can also perform the following after you set up 3rd party IdP authentication: