Integration of IdP groups with Digibee groups

Learn how to create and configure your integration.

Written by Júlio César
Updated over a week ago

IMPORTANT: This documentation has been discontinued. Read the updated Integration of IdP groups with Digibee groups documentation on our new documentation portal.

A Digibee realm that has identity provider (IdP) integration can integrate identity provider groups with Digibee groups to make managing user access more efficient. This allows you to scale changes in permissions, which makes the access manager's work easier.

To avoid possible loss of access, the access manager of a realm must configure the group integrations and then request their activation from the Digibee Support or Customer Success team.

Once the integration of Identity Provider Groups with Digibee groups is activated by the Support team (after request via the Platform chat), access control behaves as follows:

  • Native users are not affected by the integration of IdP groups, so they can be associated with any Digibee group (integrated or not).

  • Integrated users (IdP) will only be able to participate in integrated groups (IdP). It will not be possible to assign users to integrated groups via the Platform interface. In this case, when the access manager tries to make any changes, a warning is displayed on both the group and user details page, informing that the integrations have already been carried out and that any edits must be made via Identity Provider or Group Integration. See the following alerts:

Before starting:

Read the following articles and learn more about the use of the New Access Control and Integration with Identity Provider:

All steps described below will only take effect immediately after activation with the Support team.

How to create an integration

Follow the next steps to create an integration:

  1. Sign in to the Digibee Platform;

  2. Click the “Administration” icon;

  3. Enter the "Groups" menu option;

  4. Go to the tab "Groups Integration";

  5. Click the + CREATE button in the upper right corner;

    Note: You can map multiple integrations at once by clicking the button "+INTEGRATION".

  6. A form requesting the following information will be displayed;

    • Name: the desired name for the integration.

    • SAML Scheme: organization scheme of your identity provider.

    • Identity Provider ID Code: Identity Provider Group Identifier Code.

    • Digibee Group: Platform group that will be integrated.

      If “Custom Scheme” is selected in the SAML Scheme field, a new field will be displayed:

      Note: If your identity provider appears in the SAML Scheme listing, you do not need to locate XPath.

    • Xpath: XML path to get the IDs of the identity provider group.

  7. After filling out the fields, click “SAVE” in the lower right corner;

  8. A confirmation dialog box will appear. Write a brief explanation of the integration that has been created. This information will be added to the Audit register of the Platform;

  9. Click “CREATE INTEGRATION”.

After all these steps the integration will be created successfully.
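
An offline check you can run before requesting activation, added here as an illustration and not Digibee code: it applies a custom-scheme XPath to a constructed SAML assertion and reports which IdP group IDs have an integration and which do not. The attribute name, XPath, group IDs and Digibee group names are assumptions, and the XPath syntax the Platform accepts may differ from Python's ElementTree subset.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the attribute name "groups" and the group IDs
# are made up. Parse only assertions you exported yourself with this parser.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>ana@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>idp-grp-001</saml:AttributeValue>
      <saml:AttributeValue>idp-grp-777</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical XPath for a "Custom Scheme" integration (ElementTree subset).
GROUP_XPATH = ".//saml:Attribute[@Name='groups']/saml:AttributeValue"

# Hypothetical mapping: Identity Provider ID Code -> Digibee Group.
INTEGRATIONS = {"idp-grp-001": "Pipeline Builders", "idp-grp-002": "Realm Admins"}


def extract_group_ids(assertion_xml, xpath=GROUP_XPATH):
    """Return the IdP group IDs the XPath selects, trimmed and de-duplicated."""
    root = ET.fromstring(assertion_xml)
    ids = []
    for node in root.findall(xpath, NS):
        value = (node.text or "").strip()
        if value and value not in ids:
            ids.append(value)
    return ids


def resolve_groups(assertion_xml, integrations=INTEGRATIONS):
    """Split a user's IdP groups into mapped Digibee groups and unmapped IDs."""
    ids = extract_group_ids(assertion_xml)
    mapped = sorted({integrations[i] for i in ids if i in integrations})
    unmapped = [i for i in ids if i not in integrations]
    # no_mapped_group flags a user whose assertion matches no integration.
    return {"digibee_groups": mapped, "unmapped_idp_ids": unmapped,
            "no_mapped_group": not mapped}


if __name__ == "__main__":
    print(resolve_groups(SAMPLE_ASSERTION))
```

A user flagged with `no_mapped_group` is the case to resolve before activation, since integrated users can only belong to integrated groups.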

How to edit an integration

Follow the next steps to edit an integration:

  1. Go to the tab "Groups Integration";

  2. Search for the desired integration in the search bar;

    Note: You can search for the integration by any of its attributes (name, code, ID, Digibee group, or SAML).

  3. Click the pencil icon (“Edit integration”);

  4. Make the desired changes;

  5. After making the changes, click “SAVE” in the lower right corner;

  6. A confirmation dialog box will appear. Write a brief explanation of what has been edited. This information will be added to the Audit register of the Platform;

  7. Click “EDIT INTEGRATION”.

After all these steps the integration will be edited successfully.

Note: Changes to a user's groups are applied when the user logs in using the integration.

How to archive an integration

Follow the next steps to archive an integration:

  1. Go to the tab "Groups Integration";

  2. Search for the desired integration in the search bar;

    Note: You can search for the integration by any of its attributes (name, code, ID, Digibee group, or SAML).

  3. Click the "Archive integration" icon;

  4. A confirmation dialog box will appear. Write a brief explanation of why the integration will be archived. This information will be added to the Audit register of the Platform;

  5. Click “ARCHIVE INTEGRATION”.

Note: It is not possible to reverse this action, as it may generate a conflict of accesses. A new integration will need to be created.

After all these steps the integration will be archived successfully.

IMPORTANT: Archiving an integration may cause loss of access for members of the integrated group in question.

Impacts of the integration of the IdP groups

Integration activation cannot be undone. Users may lose full or partial access if groups are not mapped correctly.

After the activation, native users associated with roles and groups can continue using the Platform login page.

Your integration can only be activated manually by the Digibee Support team. Therefore, when you consider that the mapping work is complete and you want the configured integrations to be effective at the time of user login, contact us via chat.

Note: The feature is still in the beta program. To use it, ask the Support team.

Note: Once your integration is enabled, it will not be possible to assign groups to Identity Provider users by the platform on both the users and groups pages. An error message will be displayed when trying to perform this action.
