Initializing help system before first use

Managing Authorities and App Membership

The authority groups and app membership for a user are managed by the IdP. To avoid the IdP having to directly reference the names of Insight authority groups and apps, Insight provides a mapping feature from IdP attributes to authority groups and app membership entitlements. Users with SYS_USER authorization can use this mapping to create rules based on the roles or group information in the IdP.
You can add a new SSO attribute mapping rule in the Admin page. A new mapping rule is effective the next time the user logs in. Multiple values can be specified for a mapping rule. If any value matches the IdP value, then the user is granted the entitlements. The same attribute can be used in multiple mappings to map each value to a different set of grants. All changes to the mapping configuration are logged to the Audit Log.
Note: During configuration of a new system, the absence of mappings to SYS_USER prevents a user administrator from configuring mappings. There are two options for avoiding this situation. You can configure mappings before enabling SSO. Alternatively, a user that is assigned superuser=true in the IDP is granted all authority groups.
  1. Click ADMIN to open the ADMIN page.
  2. Select SSO Mappings from the left navigation menu.
  3. Enter the name of the attribute as described by the IdP configuration.
  4. Enter a matching value. If the user's information from the IdP contains the attribute with this value, then the user is granted the apps and authority groups included in this mapping rule.
  5. Add any apps to those the user is to be granted access to.
  6. Add any authority groups to those the user is to be assigned.
  7. Click SAVE.
Parent Topic Managing Single Sign-On Users

© 2001-2024 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.