IdP Role Mapping

IdP Role Mapping allows you to assign Contentstack roles to the users of a group/role in your IdP. Subsequently, users of such groups can directly log in to your SSO-enabled organization (without invitation) with the assigned permissions.

This is an alternate way of managing users and permissions of your SSO-enabled organization (the other way being invitation-based users and roles management).

To use this feature, you need to map your IdP roles to Contentstack roles, while configuring SSO for your organization.

Note: After enabling IdP Role Mapping, the role management (in Contentstack) for the users of your IdP will be handled from your IdP, instead of from Contentstack.

Currently, IdP Role Mapping is supported only for OktaOneLogin, and Microsoft Azure AD.

Was this article helpful?

Thanks for your feedbackSmile-icon

On This Page