Start free trial

SAML attributes

Manage users and groups from your SAML identity provider.

Enterprise plan subscribers with SAML SSO enabled can configure SAML attributes to automatically manage user roles, group memberships, and team memberships in Secoda.

Overview

When configuring SAML SSO with your identity provider, you can set up specific SAML attributes that will automatically map to user roles, group memberships, and team memberships in Secoda.

Configure

Upgrade to the Enterprise plan

Contact us to upgrade to the Enterprise plan and enable SAML SSO.

Configuration

To configure SAML attributes, you'll need to add the following attributes to your SAML configuration in your identity provider:

  • In the Okta admin pages, open your Secoda application

  • Navigate to the Sign On tab

  • Under SAML 2.0 Configuration, click Edit

  • Add the following attributes:

    • secodaRole (string)

    • secodaGroupMembership (comma-separated list)

    • secodaTeamMembership (comma-separated list)

  • Save your configuration

Attribute Mapping

The following SAML attributes are supported for automatic user management:

  1. secodaRole (string)

    • Maps to the User model role

    • Stored in the _role property on User

    • Example: "admin", "editor", "viewer"

  2. secodaGroupMembership (comma-separated list)

    • Maps to Group model membership

    • Users will be automatically added to groups with matching names

    • Users will be removed from groups that are not contained in the attribute

    • Example: "Data Engineers,Analysts"

  3. secodaTeamMembership (comma-separated list)

    • Maps to Team model membership

    • Users will be automatically added to teams with matching names

    • Users will be removed from teams that are not contained in the attribute

    • Example: "Engineering,Product"

Groups and teams must exist in Secoda before they can be mapped via SAML attributes. If a group or team doesn't exist, the membership will be skipped.

Last updated

Was this helpful?