Group claim mappings can be utilized for SAML group memberships to manage Laserfiche access or when configuring a linked identity provider.
SAML Group Memberships
If you want to add a SAML group to a Laserfiche Directory Server group you must configure the group claim mapping for the SAML provider. The group claim mapping allows Laserfiche Directory Server to find the group value in a SAMLResponse and interpret it so that the user can correctly inherit the Directory Server group.
To set up group mappings, follow these steps:
- In Laserfiche Directory Server, click Settings.
- Click the Identity Providers tab.
- In the left pane, click the name of your identity provider.
- Select the Claims tab. In the Claims tab, add the Groups claim.
The claim mapping should be the SAML token attribute Name. The SAML tokens may contain multiple Values, one for each group, that are under the same attribute.
Note: To learn more about SAML claim mappings, navigate to Creating Claim Mappings.
- Add SAML groups to Directory Server groups. When adding a SAML group, enter the name as it appears in the attribute Value. Unlike the attribute Name, the attribute Value will be unique to each group.
Note: To add a SAML group, navigate to the Accounts tab in Laserfiche Directory Server. Click the Groups tab. Click the Group name. Under the Members tab, click the +Add button and select SAML Group.
Note: To learn more about the SAMLResponse, navigate to Intercepting the SAML Response.
Group Claims for Linked Identity Provider
There must be a group claim mapping set prior to adding a linked identity provider.
Note: To learn more about adding Groups claim when configuring a linked identity provider, navigate to Linked Identity Provider in Laserfiche Directory Server.