[MGNLSSO-36] Mix external Authentication with internal role resolution and assignment Created: 30/Jul/20  Updated: 04/Nov/21  Resolved: 04/Nov/21

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: 2.4 Incubator
Fix Version/s: None

Type: New Feature Priority: Neutral
Reporter: Jörg Wirsig Assignee: Unassigned
Resolution: Workaround exists Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

In our setup we have a very complex setup of different roles / groups. 

It would be very useful, if we could use the external SSO authentication, but afterwards, the roles and groups would be applied as it would be by a default login. So i would suggest a local magnoluia role / group resolution based on the loginname provided by SSO Login, if the name matches an local magnolia account. 

As a consequence the user has to be added to magnolia manually and configured with the granted roles and groups. 

The main advantage is, that the bunch of groups does not have to be assigned in the AD by people who have no idea about what groups and roles are required. 



 Comments   
Comment by Lars Fischer [ 04/Nov/21 ]

Hi Jörg,

in SSO Connector there is the "create local users feature" which should cover your use case (if I understood it correctly).

The SSO Connector module is legacy now, so you should request the feature in the "official" module (Magnolia SSO) if needed.

Thanks,

Lars

Generated at Mon Feb 12 10:50:30 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.