Address Manager SSO groups assign authorization to users in the SSO integration. When creating an SSO group, you can assign default access (view, change, add, or full access) and administrator rights to the group.
- BlueCat recommends creating at least one local Administrator group that includes at least one local administrative user to serve as the SSO admin. This is a recommended best practice for SSO as the SSO admin can log in to Address Manager to deal with any connectivity issues with the IdP or critical issues with DDI operations.
- The SSO admin requires the following:
- GUI and API access
- Local authentication
- Before creating SSO groups in Address Manager, ensure the group membership claims exist in your IdP. This allows mapping of access rights to users who first log in to Address Manager with their SSO credentials. Contact your IdP for more information.
- You need at least one SSO group to enable SSO.
A new SSO group is matched with a group membership claim in the IdP that contains the access rights of users. Once a user logs in with SSO credentials, that user is automatically added to the SSO users list in the SSO group based on the group membership claim. If you are setting up SSO after performing a new installation of Address Manager you must create SSO groups to enable SSO.
- In Address Manager, select the Administration tab.
- Under User Management, select Users and Groups.
- Select the Groups tab.
- Under Groups, click .
- In the Default Access drop-down, select the type of access assigned to the group.
Enter the name and description of the SSO group.
Important: The name of the SSO group must match the group membership name in the IdP.
- Select Administrator if you want to assign administrative privileges to the group.
The list in the Groups tab now displays the SSO group.