MR_B
Staff
October 4, 2022

Technical Tip: How to automatically assign permissions to new users in FortiMonitor when using SSO integration

Description: This article describes how to leverage the SAML role mapping within SSO Integration to automatically assign new users permissions.
Scope: FortiMonitor, SSO Integration, SAML
Solution

Overview


When leveraging SSO Integration, FortiMonitor has the option to assign users permissions automatically based on data passed by SAML.

To take advantage of this, the SSO integration must send an additional SAML attribute whose value is one of those defined in the SSO Integration setup of FortiMonitor.

 
Use Cases

 

For example, if a user has an attribute named 'Department' that is shared via the SSO integration, one can define the values that FortiMonitor should expect to see, such as 'IT' or 'Sales'. Based on the value received, the user can be assigned a FortiMonitor role such as 'Account Admin' or 'Dashboard Viewer'.

 
Example

 

Example of attribute values being passed by an Okta integration, including the 'Department' attribute.

 

MR_B_0-1664917475674.png

 

Example of the SAML XML data that will be passed to FortiMonitor including the Attribute Name of 'Department' and AttributeValue of 'IT'.

 

MR_B_1-1664917608481.png


Example of the FortiMonitor SSO Configuration showing the settings for Auto Create Users and Assign Roles Based on SAML mapping.

When the value received for the 'Department' attribute is 'Sales', the user will be automatically created and assigned the 'Dashboard Viewer' role.

When the attribute value is 'IT' the user will be automatically created and assigned the 'Account Admin' role.

 

MR_B_2-1664917629506.png
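
The mapping described above can be checked offline before Auto Create Users is enabled. The following is an added example, not FortiMonitor code or part of the original article: it resolves which role a given assertion would map to using the article's 'Department' values. The default-deny result for unmapped values, the exact-match comparison and the least-privilege choice for multi-valued attributes are assumptions of this sketch, not documented FortiMonitor behaviour, and the assertion is assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Mapping from the article: 'Department' value -> FortiMonitor role.
ROLE_MAP = {"IT": "Account Admin", "Sales": "Dashboard Viewer"}
# Least-to-most privileged ordering (assumption of this sketch).
PRIVILEGE_ORDER = ["Dashboard Viewer", "Account Admin"]

# Constructed sample AttributeStatement (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Department">
      <saml:AttributeValue>IT</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def attribute_values(assertion_xml, name):
    """Return every AttributeValue for the named attribute, whitespace-trimmed."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def resolve_role(assertion_xml, attribute="Department"):
    """Map the attribute to a role; None means do not auto-create the user."""
    roles = {ROLE_MAP[v] for v in attribute_values(assertion_xml, attribute)
             if v in ROLE_MAP}          # exact, case-sensitive match only
    if not roles:
        return None                     # default deny: unmapped or missing value
    # Several mapped values: grant the least privileged of them.
    return min(roles, key=PRIVILEGE_ORDER.index)


if __name__ == "__main__":
    print(resolve_role(SAMPLE))
```

Because 'IT' maps to 'Account Admin', anyone who can edit the 'Department' attribute at the identity provider can effectively grant FortiMonitor admin rights, so write access to that attribute deserves the same review as the role itself.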