SAML user rights: Access Profiles (Recommended)

SAML Access Profiles allow you to define user access rights based on SAML attributes. You can manage these profiles in the app under:

Settings > General > SAML Setup > Add SAML Profile
https://app.aikido.dev/settings/account

Configuring SAML Access Profiles

When adding a new SAML Profile, you can define the following settings:

1. Profile Name

The name that should be passed as the aikido_access_profile SAML claim.

2. Role

Defines the user's role:
- Admin
- Default
- Team Only

3. Edit Rights

Determines the user's edit capabilities:
- Standard
- Read Only

4. Can Ignore

Specifies whether the user can ignore issues:
- Yes
- No

5. Can Snooze

Specifies whether the user can snooze issues:
- Yes
- No

6. Can Change Severity

Defines if the user can change the severity of issues:
- Yes
- No

7. Can Manage Teams

Defines if the user can manage teams:
- Yes
- No

8. Member of Teams

A comma-separated list of team names the user belongs to.
Matches the existing aikido_teams SAML claim.

9. Workspace IDs

A comma-separated list of workspace IDs where the user has access.
Matches the existing aikido_workspace_ids SAML claim.
If left empty, the profile grants access to all workspaces linked to the SAML client.

Using SAML Access Profiles

Once a profile is created, you can set up a custom SAML claim aikido_access_profile with the profile name as value. If set, users who authenticate via SAML will receive access based on the profile associated with this claim. Ensure that the correct claims are configured in your Identity Provider (IdP) to match the assigned profiles.

Note

When using the aikido_access_profile in combination with other custom SAML claims, those other claims will take precedence.

Setting Roles and Permissions

SAML user rights using custom attributes (Advanced)