SAML user rights: Access Profiles (Recommended)
SAML Access Profiles allow you to define user access rights based on SAML attributes. You can manage these profiles in the app under:
Settings > General > SAML Setup > Add SAML Profile
https://app.aikido.dev/settings/account
Configuring SAML Access Profiles
When adding a new SAML Profile, you can define the following settings:
1. Profile Name
The name that should be passed as the aikido_access_profile SAML claim.
2. Role
Defines the user's role:
Admin
Default
Team Only
3. Edit Rights
Determines the user's edit capabilities:
Standard
Read Only
4. Can Ignore
Specifies whether the user can ignore issues:
Yes
No
5. Can Snooze
Specifies whether the user can snooze issues:
Yes
No
6. Can Change Severity
Defines if the user can change the severity of issues:
Yes
No
7. Can Manage Teams
Defines if the user can manage teams:
Yes
No
8. Member of Teams
A comma-separated list of team names the user belongs to.
Matches the existing aikido_teams SAML claim.
9. Workspace IDs
A comma-separated list of workspace IDs where the user has access.
Matches the existing aikido_workspace_ids SAML claim. If left empty, the profile grants access to all workspaces linked to the SAML client.
Using SAML Access Profiles
Once a profile is created, you can set up a custom SAML claim aikido_access_profile with the profile name as value. If set, users who authenticate via SAML will receive access based on the profile associated with this claim. Ensure that the correct claims are configured in your Identity Provider (IdP) to match the assigned profiles.
Note
When using the aikido_access_profile claim in combination with other custom SAML claims, those other claims will take precedence.
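To check what your IdP actually sends before relying on a profile, the following added example (not Aikido's own code) reads the attribute statement of a captured SAML assertion and reports a profile name that matches no configured profile, as well as other custom claims that would take precedence. The sample assertion, the profile names and the exact-string comparison are assumptions, and the list of overriding claims contains only the two claims named on this page.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PROFILE_CLAIM = "aikido_access_profile"
# Only the other custom claims this page names; extend to match your IdP setup.
OVERRIDING_CLAIMS = ("aikido_teams", "aikido_workspace_ids")

# Constructed sample: attribute statement of an assertion captured from your own IdP.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="aikido_access_profile">
      <saml:AttributeValue>security-readonly</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="aikido_teams">
      <saml:AttributeValue>platform,payments</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_claims(assertion_xml):
    """Return {attribute name: [values]} from a decoded assertion.
    Inspection only: this does not verify the assertion's signature."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def audit_profile_claims(assertion_xml, known_profiles):
    """Compare the profile claim with the profile names created in the app."""
    claims = read_claims(assertion_xml)
    profiles = claims.get(PROFILE_CLAIM, [])
    findings = []
    if not profiles:
        findings.append(f"{PROFILE_CLAIM} is not sent")
    for name in profiles:
        if name not in known_profiles:  # assumption: exact string match
            findings.append(f"profile '{name}' does not match any configured profile")
    for other in OVERRIDING_CLAIMS:
        if profiles and other in claims:
            findings.append(f"{other} is also sent and takes precedence over the profile")
    return {"profile": profiles, "findings": findings}
```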