BRYTER enables the automation of user group mapping for Single Sign-on customers.
If you manage your users through an Identity Provider (IdP) and wish to automatically assign access rights in BRYTER based on the groups defined in the IdP, you can utilize this functionality.
This feature is available for Okta, Entra ID (formerly Azure AD) / AD FS, and any Identity Provider capable of adding a group attribute in the SAML request.
With group mapping enabled and configured, BRYTER synchronizes the user's group memberships defined in the Identity Provider (IdP) with those defined in BRYTER every time the user logs in. This streamlines access management by automatically granting users the permissions that correspond to their groups.
If a user no longer belongs to a specific group in the Identity Provider, BRYTER will automatically remove them from that group's access rights the next time the user logs in.
Configure group mapping in BRYTER
Group mapping is optional — you can choose to:
- enable group mapping and administer all user groups in your IdP interface; or
- not enable group mapping and manage user groups in the Admin Console in BRYTER.
Follow this procedure to enable group mapping in BRYTER:
To automatically map BRYTER users into Okta groups, create groups with matching names in both Okta and BRYTER. BRYTER will then automatically assign new users to the corresponding groups in Okta when they log in.
Please refer to Okta’s documentation for detailed information on this feature.
BRYTER supports group mapping from Entra ID and AD FS through a functionality called working with Cloud-only groups display name.
Please refer to Microsoft's documentation for detailed information on this feature. For an on-premises Entra ID instance, the group field to use is 'sAMAccountName'.
- In the Single Sign-On page, next to the name of the IdP configuration, click Edit. The Edit Identity Provider page displays.
- Navigate to the Claims section and enter the correct value in the Groups claim field. Ensure that the value is an exact match to the one in the IdP configuration.
- Confirm the changes by clicking on the Update identity provider button.
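Before relying on group mapping, an administrator can check a captured SAML assertion for the exact Groups claim name and preview what a login-time sync would change. The following is an added example, not BRYTER's code: the sample assertion, the claim name `groups`, the group names, and the functions `groups_from_assertion` and `plan_sync` are all constructed for illustration, and the sync logic is a simplified model of the behavior described above.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustration only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Legal</saml:AttributeValue>
      <saml:AttributeValue>Authors</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def groups_from_assertion(assertion_xml, groups_claim):
    """Return the group names under the attribute whose Name equals
    groups_claim exactly, or None when no such attribute is present."""
    # ElementTree is not hardened against hostile XML; only feed it
    # assertions you captured from your own IdP. No signature check here.
    root = ET.fromstring(assertion_xml)
    found = None
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == groups_claim:  # exact string comparison
            if found is None:
                found = set()
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                if value.text and value.text.strip():
                    found.add(value.text.strip())
    return found


def plan_sync(idp_groups, current_groups, known_groups):
    """Model the login-time sync: join same-named groups, leave stale ones."""
    return {
        "add": sorted((idp_groups & known_groups) - current_groups),
        "remove": sorted(current_groups - idp_groups),
        # IdP groups with no same-named group on the application side
        "unmatched": sorted(idp_groups - known_groups),
    }
```

A `None` result means the claim name in the configuration does not match any attribute in the assertion, which is distinct from a user who legitimately has no groups; a non-empty `unmatched` list points to groups that still need a matching name on both sides.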