# SAML attributes

Enterprise plan subscribers with SAML SSO enabled can configure SAML attributes to automatically manage user roles, group memberships, and team memberships in Secoda.

### Overview

When configuring SAML SSO with your identity provider, you can set up specific SAML attributes that will automatically map to user roles, group memberships, and team memberships in Secoda.

### Configure

#### Upgrade to the Enterprise plan

Contact us to upgrade to the Enterprise plan and enable SAML SSO.

#### Configuration

To configure SAML attributes, you'll need to add the following attributes to your SAML configuration in your identity provider:

{% tabs %}
{% tab title="Okta" %}

* In the Okta admin pages, open your Secoda application
* Navigate to the *Sign On* tab
* Under *SAML 2.0 Configuration*, click *Edit*
* Add the following attributes:
  * `secodaRole` (string)
  * `secodaGroupMembership` (comma-separated list)
  * `secodaTeamMembership` (comma-separated list)
* Save your configuration
{% endtab %}

{% tab title="OneLogin" %}

* In OneLogin's Admin panel > Applications, select your Secoda application
* Go to the *Configuration* tab
* Under *Parameters*, add the following attributes:
  * `secodaRole` (string)
  * `secodaGroupMembership` (comma-separated list)
  * `secodaTeamMembership` (comma-separated list)
* Save your configuration
{% endtab %}

{% tab title="Azure AD" %}

1. In the Azure portal, go to Azure Active Directory -> Enterprise Applications
2. Select your Secoda application
3. Go to *Single sign-on* in the left panel
4. Under *User Attributes & Claims*, click *Edit*
5. Add the following claims:
   * `secodaRole` (string)
   * `secodaGroupMembership` (comma-separated list)
   * `secodaTeamMembership` (comma-separated list)
6. Save your configuration
{% endtab %}
{% endtabs %}

### Attribute Mapping

The following SAML attributes are supported for automatic user management:

1. `secodaRole` (string)
   * Maps to the `User` model role
   * Stored in the `_role` property on `User`
   * Example: `"admin"`, `"editor"`, `"viewer"`
2. `secodaGroupMembership` (comma-separated list)
   * Maps to `Group` model membership
   * Users will be automatically added to groups with matching names
   * **Users will be removed from groups that are not contained in the attribute**
   * Example: `"Data Engineers,Analysts"`
3. `secodaTeamMembership` (comma-separated list)
   * Maps to `Team` model membership
   * Users will be automatically added to teams with matching names
   * **Users will be removed from teams that are not contained in the attribute**
   * Example: `"Engineering,Product"`

{% hint style="info" %}
Groups and teams must exist in Secoda before they can be mapped via SAML attributes. If a group or team doesn't exist, the membership will be skipped.
{% endhint %}
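
Because a membership attribute both adds and removes, it helps to preview its effect on a user before changing it in the identity provider. The following is an added example that models the rules above as a set comparison; it is not Secoda's code, and the function names, whitespace trimming, exact-name matching and sample data are assumptions.

```python
def parse_list(value):
    """Split a comma-separated SAML attribute value into a set of names."""
    # Assumption of this example: surrounding whitespace is trimmed and
    # empty items are ignored.
    return {item.strip() for item in value.split(",") if item.strip()}


def plan_membership(attribute_value, current, existing):
    """Preview the effect of one membership attribute on one user.

    attribute_value: the secodaGroupMembership or secodaTeamMembership string
    current:         names the user belongs to today
    existing:        names of groups (or teams) that already exist in Secoda
    """
    asserted = parse_list(attribute_value)
    current, existing = set(current), set(existing)

    # Only groups/teams that already exist can be mapped (assumed exact match).
    matched = asserted & existing
    add = matched - current
    # Anything the user holds that the attribute does not contain is removed.
    remove = current - asserted
    # Names with no existing group/team are skipped, not created.
    skipped = asserted - existing

    return {
        "add": sorted(add),
        "remove": sorted(remove),
        "skipped": sorted(skipped),
        "result": sorted((current - remove) | add),
    }


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    existing_groups = {"Data Engineers", "Analysts", "Finance"}
    user_groups = {"Analysts", "Finance"}
    value = "Data Engineers, Analysts,Platform"

    plan = plan_membership(value, user_groups, existing_groups)
    for key in ("add", "remove", "skipped", "result"):
        print(f"{key:8} {plan[key]}")
```

A non-empty `remove` list marks access the user loses at the next SSO login, and a non-empty `skipped` list usually points to a misspelled name or a group or team that has not been created yet.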

