SAML user rights using custom attributes (Advanced)
This is the advanced way of setting up user rights. We recommend using SAML Access Profiles.
This guide provides detailed instructions on how to configure and manage user rights within Aikido using SAML custom attributes. By leveraging attributes such as aikido_role, aikido_data_edit_rights, aikido_can_ignore, aikido_can_change_severity, aikido_can_manage_teams, and aikido_teams, you can control user permissions and roles from within your identity provider. This approach ensures that users have the same access in Aikido as set up in your identity provider.
aikido_access_profile: When setting up SAML Access Profiles, this is the claim to use.
<saml:Attribute Name="aikido_access_profile">
  <saml:AttributeValue xsi:type="xs:anyType">My Access Profile</saml:AttributeValue>
</saml:Attribute>
aikido_role: admin, default, team_only
<saml:Attribute Name="aikido_role">
  <saml:AttributeValue xsi:type="xs:anyType">default</saml:AttributeValue>
</saml:Attribute>
aikido_data_edit_rights: standard, read_only
<saml:Attribute Name="aikido_data_edit_rights">
  <saml:AttributeValue xsi:type="xs:anyType">standard</saml:AttributeValue>
</saml:Attribute>
aikido_can_ignore: true, false
<saml:Attribute Name="aikido_can_ignore">
  <saml:AttributeValue xsi:type="xs:anyType">true</saml:AttributeValue>
</saml:Attribute>
aikido_can_change_severity: true, false
<saml:Attribute Name="aikido_can_change_severity">
  <saml:AttributeValue xsi:type="xs:anyType">true</saml:AttributeValue>
</saml:Attribute>
aikido_can_manage_teams: true, false
<saml:Attribute Name="aikido_can_manage_teams">
  <saml:AttributeValue xsi:type="xs:anyType">true</saml:AttributeValue>
</saml:Attribute>
aikido_teams: Defines the teams the user is part of. If a listed team does not exist in Aikido, it will be created. The user automatically joins the listed teams. When this attribute is set, the user is removed from all other teams.
<saml:Attribute Name="aikido_teams">
  <saml:AttributeValue xsi:type="xs:anyType">team1</saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:anyType">team2</saml:AttributeValue>
</saml:Attribute>
aikido_workspace_ids: Defines the Aikido workspaces the user is part of. The user automatically joins the listed workspaces. When this attribute is set, the user is removed from all other workspaces.
<saml:Attribute Name="aikido_workspace_ids">
  <saml:AttributeValue xsi:type="xs:anyType">1233</saml:AttributeValue>
  <saml:AttributeValue xsi:type="xs:anyType">2511</saml:AttributeValue>
</saml:Attribute>
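Because these claims decide roles and team membership, it helps to lint a test assertion from your identity provider before rollout. The following is an added example, not Aikido's code: it checks each aikido_* attribute against the values listed on this page and does not verify the assertion signature. Assumptions: values are compared by exact match, only aikido_teams and aikido_workspace_ids may carry several values, and the function name and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BOOL = {"true", "false"}
# Allowed values as listed on this page; None = free-form. Exact match is an assumption.
ALLOWED = {
    "aikido_access_profile": None,
    "aikido_role": {"admin", "default", "team_only"},
    "aikido_data_edit_rights": {"standard", "read_only"},
    "aikido_can_ignore": BOOL,
    "aikido_can_change_severity": BOOL,
    "aikido_can_manage_teams": BOOL,
    "aikido_teams": None,
    "aikido_workspace_ids": None,
}
MULTI_VALUED = {"aikido_teams", "aikido_workspace_ids"}  # shown with several values on the page

def lint_attributes(xml_text):
    """Return a list of problems in the aikido_* attributes of a test assertion."""
    problems = []
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % NS["saml"]):
        name = attr.get("Name", "")
        if not name.startswith("aikido_"):
            continue  # claims for other purposes are out of scope
        if name not in ALLOWED:
            problems.append(f"{name}: not an attribute listed on this page")
            continue
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        if not values or "" in values:
            problems.append(f"{name}: missing or empty value")
        if name not in MULTI_VALUED and len(values) > 1:
            problems.append(f"{name}: expected one value, got {len(values)}")
        allowed = ALLOWED[name]
        for v in values:
            if allowed is not None and v and v not in allowed:
                problems.append(f"{name}: {v!r} is not one of {sorted(allowed)}")
    return problems

# Constructed sample: a mis-cased role, a non-boolean flag, and a valid team list.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <saml:Attribute Name="aikido_role"><saml:AttributeValue xsi:type="xs:anyType">Admin</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="aikido_can_ignore"><saml:AttributeValue xsi:type="xs:anyType">yes</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="aikido_teams"><saml:AttributeValue xsi:type="xs:anyType">team1</saml:AttributeValue><saml:AttributeValue xsi:type="xs:anyType">team2</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    for problem in lint_attributes(SAMPLE):
        print(problem)
```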