SAML group mapping

You can manage your user groups by using either your IdP or local permissions groups. You can also use a mix of both kinds of groups. Only federated permissions groups are managed by using SAML.

Fastpath: Admin Console: People > Settings > Single Sign-On > SAML > Advanced

To manage groups with SAML, first enable group mapping and provide the group mapping attribute. You can then assign users to security groups automatically by passing the group mapping attribute from the IdP to Jive. This attribute is used to retrieve security group names from each assertion. If a group specified in the group mapping attribute doesn't already exist in Jive, it is created when you synchronize, and the user is added to the group. If a group specified in the group mapping attribute already exists in Jive but is not federated, it is automatically federated.

To manage groups using SAML:

  1. In the Admin Console, go to People > Settings > Single Sign-On > SAML > Advanced.
  2. Select the Group Mapping Enabled check box and provide the group mapping attribute in Group Name Attribute.
  3. In the SAML response for each user, pass the name of each group. List each group name as a separate attribute value, as shown in the following example:
     <Attribute Name="groups">
       <AttributeValue>groupOne</AttributeValue>
       <AttributeValue>groupTwo</AttributeValue>
       <AttributeValue>groupThree</AttributeValue>
     </Attribute>
     The groups you specified in the groups attribute will automatically be federated when user members are synchronized at login.
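Because any group named in the attribute can be created or federated at synchronization, it helps to review what the IdP actually sends before enabling group mapping. The following is an added example, not part of the Jive documentation: it assumes a decoded SAML 2.0 assertion from your own IdP, and the sample assertion, the function names and the expected-group list are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # parse only assertions from your own IdP

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion fragment; names and values are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>groupOne</saml:AttributeValue>
      <saml:AttributeValue>groupTwo,groupThree</saml:AttributeValue>
      <saml:AttributeValue>contractors</saml:AttributeValue>
      <saml:AttributeValue/>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_groups(assertion_xml, attribute_name="groups"):
    """Return every value of the group mapping attribute, in document order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == attribute_name:
            for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
                values.append((value.text or "").strip())
    return values


def review_groups(values, expected):
    """Split values into expected group names and findings to fix at the IdP."""
    accepted, findings = [], []
    for name in values:
        if not name:
            findings.append((name, "empty value"))
        elif "," in name or ";" in name:  # heuristic: groups joined in one value
            findings.append((name, "looks like several groups in one value"))
        elif name not in expected:
            findings.append((name, "not in expected list; may be created or federated at sync"))
        else:
            accepted.append(name)
    return accepted, findings


if __name__ == "__main__":
    ok, issues = review_groups(extract_groups(SAMPLE), {"groupOne", "groupTwo", "groupThree"})
    print("expected groups:", ok)
    for value, reason in issues:
        print(f"check {value!r}: {reason}")
```

Pass the value you entered in Group Name Attribute as `attribute_name` if it is not `groups`.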