How to setup AAD group to role mapping when using SAML with SSO?
We upgraded recently to Yellowfin 9.6 and like to start using the new integrated "SAML with SSO" feature (instead of the SAML bridge we currently use).
We provide reporting for multiple warehouses and we have cases were users are working for multiple warehouses. In our Azure AD we have setup YF groups per warehouse. If a user is required access to dashboards for multiple warehouses, he will be assigned to each warehouse group.
When configuring LDAP authentication, Yellowfin seems to retrieve the user's group memberships and a job seems to keep these memberships in sync with the assigned roles.
For the SAML SSO configuration I could not find any information on a similar feature (https://wiki.yellowfinbi.com/display/yfcurrent/Using+SAML+with+SSO).
Could someone please inform me on:
- How to setup AAD group to role mapping when using SAML with SSO?
- I noticed the feature "Role attribute" in the SAML config, but does it allow to pass multiple roles?
- Will role membership kept in sync after the user is created?