Integration of IdP groups with Digibee groups
Learn how group integration works
To integrate IdP groups with Digibee groups, you must belong to a group that is bound to the groups-manager role, such as the access-manager default group. You can learn more about users, groups and roles here.
When you integrate a realm with an identity provider (IdP), it's important that you integrate your IdP groups with Digibee groups. The reason for this is that Digibee assigns permissions by assigning users to groups. If users don't belong to a group, they'll not be able to interact with the Digibee Integration Platform.
After you activate the integration of IdP groups with Digibee groups:
- Users who log in using Digibee credentials are not affected by IdP group settings. Their permissions are granted by the Digibee groups they belong to.
- Users who log in with an IdP can only belong to IdP groups. You won’t be able to assign them to Digibee groups.
If a user can log in using either Digibee credentials or with an IdP, they will be unassigned to all non-integrated Digibee groups if they log in with an IdP once.
The group integrations page displays a table with:
- Group integration name
- Integration status
- SAML Scheme / Identity Provider ID
- Digibee group name
- Test status
The test status variable can assume the following values:
Group integration test was successful
Group integration test is waiting for the test login to complete
Group integration test not executed yet
Group integration test failed
The time limit of the group integration test expired before a login was made
The group integration test was canceled
You can view archived group integrations by clicking the arrow on the search bar and then selecting archived.
On the group integrations page, you can:
Read the articles linked above to learn more about each of these actions.