Managing SAML attribute group associations
Viewing associations
To see which SAML attribute groups are associated with an elvex group:
Open the elvex group
Open the IdP Configuration section
You'll see all associated SAML attribute groups and the roles they assign
Changing the role
Open the elvex group
Find the SAML attribute group association in the IdP Configuration section
Click on the current role
Select the new role (Editor or Viewer)
Save changes. Note that all group members tied to this SAML attribute group will automatically receive the new role.
Removing an association
Open the elvex group
Find the SAML attribute group association in the SAML Attribute Groups section
Click Remove or the delete icon
Confirm the removal
Users who were added to the group through this SAML attribute group will automatically be removed.
Troubleshooting
Users aren't being added to groups automatically
Verify your IdP is sending the "groups" attribute
Check that the attribute values match exactly (case-sensitive)
Confirm the SAML attribute group is associated with an elvex group
Test with a fresh login (logout and log back in via SAML)
Users have the wrong role in the group
Check the role configured in the SAML attribute group association
If a user matches multiple SAML attribute groups for the same elvex group, they receive the highest privilege role
Testing your configuration
Have a test user with the appropriate IdP attributes log in to elvex via SAML
Navigate to Settings > Groups
Open the group you configured
Verify the test user appears in the members list with the correct role