When you use single sign-on, you can configure Mazevo to assign a default security policy to new users. The policy can be assigned using attributes sent to Mazevo during the sign-in process to determine the appropriate policy for the new user.
Overview
When SSO is used for authentication, a new account is created if the user doesn't already have one. This account will be created as a View-Only Requester unless one of the following options is configured for SSO.
Setting the default security policy for all new requester accounts
- Navigate to Settings > Security Policies.
- Click on the policy name to edit the policy.
- Select Assign to New Users for Single Sign On on the Details tab to set this policy as the overall default policy.
- Press Save.
For all new accounts created, this policy will be used.
Using SAML Attributes to assign a policy
SAML Attributes can be passed to Mazevo during the login process for more control over policy assignments. These attributes can be mapped to Mazevo security policies. Mazevo will only use one attribute to determine the policy assigned to the use. However, if a user has multiple attributes, the order in which the attributes are processed is controlled by the sort order set on the attributes.
To manage the attributes and the corresponding policy assignment:
- Navigate to Settings > Security Policies.
- Press Manage Single Sign On.
- Click Add SAML Attribute.
- Enter the following data:
- Security Policy
- Attribute Name
- Attribute Value
- Press Save.
To set the order SAML attributes are processed:
- Navigate to Settings > Security Policies.
- Press Manage Single Sign On.
- Click Set Sort Order.
- Drag and Drop the Policies/Attributes in the order desired.
- Press Save.