BRYTER uses roles as a means of controlling access to functionality within the platform. Identity providers (IdPs) also use roles to control access to resources.
Role mapping synchronizes the roles defined in an IdP with those defined in BRYTER.
Role mapping is optional; whether to use it depends on where user management is focused in your organization:
- where single sign-on is not enabled, BRYTER admins manage role assignment via the Admin Console.
- where single sign-on is enabled, BRYTER admins can choose to map BRYTER roles to the roles assigned in their IdP. The IdP admins then manage role assignment via the IdP interface.
- where single sign-on is enabled, BRYTER admins can choose to not map roles to those in their IdP. BRYTER admins then manage role assignment in the Admin Console.
BRYTER roles
The three roles available in BRYTER form a hierarchy of permissions, from Admin down through Author to the End user role, which has the fewest permissions.
All new users are assigned the role End user until they are assigned either an Author or Admin role.
Configure role mapping
Role mapping is optional — you can choose to:
- enable role mapping and administer all user accounts in your IdP interface; or
- not enable role mapping and manage user accounts in the Admin Console in BRYTER.
BRYTER currently supports three user classifications: End user, Author, and Admin.
Follow this procedure to enable role mapping. Ensure that the role names you enter here exactly match those in the IdP configuration.
- In the Single Sign-On page, next to the name of the IdP configuration, click Edit. The Edit Identity Provider page displays.
- Click the Advanced Settings tab. The Role claims page displays.
- Enter values into the Admin and Author fields, then click the Update role mapping button.
The Role mapping confirmation message displays. An error displays if the values are invalid.
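A pre-flight check for the exact-match requirement above, as an added example that is not BRYTER's own code: it compares the values you plan to enter in the Admin and Author fields with role names exported from the IdP and flags near-misses (case, whitespace, Unicode form) that would not be an exact match. The role names, the sample data and the function names are constructed for illustration.

```python
import unicodedata


def fold(name):
    """Normalise a role name for near-miss detection only (never for matching):
    NFKC form, surrounding/repeated whitespace collapsed, case folded."""
    return " ".join(unicodedata.normalize("NFKC", name).split()).casefold()


def check_role_mapping(configured, idp_roles):
    """Return (field, status, detail) findings for each role-mapping field.

    configured: {"Admin": value, "Author": value} as they would be entered
                on the Role claims page.
    idp_roles:  role names exactly as exported from the IdP.
    """
    findings = []
    for field, value in configured.items():
        if value in idp_roles:  # byte-for-byte match: what the procedure requires
            findings.append((field, "ok", value))
            continue
        near = [r for r in idp_roles if fold(r) == fold(value)]
        if near:
            # Looks the same to a human, but is not an exact match.
            findings.append((field, "near-miss", near[0]))
        else:
            findings.append((field, "missing", value))
    # Assumption: Admin and Author values that collide after folding deserve
    # a manual review, because the two privilege levels become hard to tell apart.
    folded = [fold(v) for v in configured.values()]
    if len(set(folded)) != len(folded):
        findings.append(("*", "ambiguous", "Admin and Author values collide"))
    return findings


# Constructed sample data: note the capitalisation and trailing space in the IdP export.
IDP_ROLES = ["bryter-admins", "Bryter-Authors ", "finance-readers"]
CONFIGURED = {"Admin": "bryter-admins", "Author": "bryter-authors"}

if __name__ == "__main__":
    for field, status, detail in check_role_mapping(CONFIGURED, IDP_ROLES):
        print(f"{field:7} {status:10} {detail!r}")
```

Run it against the real IdP export before clicking Update role mapping, and resolve every finding other than `ok` in the IdP or in the field value.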