OneCampus Help Center

Find answers fast: Ask a question, search for keywords, or explore articles below.

Default Role Filter

blobid0.png

For those that are interested, OneCampus can be set up to allow SAML 2.0 Authentication to pass the role attribute from the authentication source and default the role filter/dropdown when a user logs in. This functionality will not work for those using basic CAS or Google Auth due to the core way those two authentication systems work.

There are two pieces that must to be in place in order to utilize this feature:

  1. Your authentication system must release your desired role attributes to OneCampus in addition to the required unique identifier. Most institutions are currently not passing this information in an attribute.
  2. you must create a map in the tenant setting that identifies OneCampus what attribute value(s) from SAML equate to the role(s) created in OneCampus.
    • Begin by clicking the Advanced menu > Settings > Application > Role Assignment Map to create a map of the SAML attributes you are sending and the unique key for that role in OneCampus. For example, if “stu” is one of your SAML attributes that identifies a student role and you would like to map the “stu” attribute to your “Student” role created in OneCampus with a unique key of “student”, the role translation map should be entered as “stu=student”. Please note that you must use role unique keys in this mapping and NOT role displayed names. To have multiple entries in this setting, separate the entries with a comma (“,”) such as stu=student,fac=faculty,aff=affiliate.
    • You can also set multiple SAML role attributes to one role in OneCampus such as freshman=student,sophomore=student,junior=student,senior=student,stu=student,fac=faculty.
  3. Choose one of the options below to designate how to handle roles that are passed through SSO. [This step is optional]
    • Don’t show a message and manually selected roles remain selected (default option)
      • If nothing was manually selected by end user, role(s) will be defaulted by SSO.
      • If role was manually selected, manual selection stays but no notice is provided to end user.
    • Notify user on login and keep the manually selected roles
      • If nothing was manually selected by end user, role(s) will be defaulted by SSO.
      • If role was manually selected and same as what is being passed, roles stay and no notice is provided to end user.
      • If role was manually selected but different that what is being passed, manual selection stays but end user is notified with the below.
        blobid1.png

    • Notify user on login and change the manually selected roles to match SSO
      • If nothing was manually selected by end user, role(s) will be defaulted by SSO.
      • If role was manually selected and same as what is being passed, roles stay and no notice is provided to end user.
      • If role was manually selected but different that what is being passed, manual selection will be overridden by what is being passed and end user is notified with the below.
        blobid2.png

    • Don’t show a message and force the SSO roles
      • Whether or not roles were manually selected by the end user, roles will be defaulted to whatever is passed over by SSO - no notice of change will be provided to end user.
    • Don’t show a message, force the SSO roles and hide the roles list
      • Whether or not roles were manually selected by the end user, roles will be defaulted to whatever is passed over by SSO and the role dropdown will be hidden.
      • *Please note: This option is only recommended when the setting for Require Login is enabled.

 

 

Related to

Updated

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request