Hi All
I have a use case when everytime a user logs in we would like a process to be triggered ( which i think is doable via user start pages) this process is required to take the group information from the SSO response and add/delete/move the users to the respective Appian User group. Is this doable?
Discussion posts and replies are publicly visible
Hello again Ankur V,
User start pages will indeed direct your users to the desired page based on group membership. However, there needs to be another event to start a process. This could be, for example, a user click or an event driven by a call to an Appian web API.
Typically, user and group management automation is handled in a scheduled recurring process and/or a process that can be initiated my an admin on demand.
For a user to click on an event i think throwing a terms and conditions page with acceptance should work but how will appian consume the data provided by the SSO that has the group information and use that to assign user to a group?
That capability isn't in the product right now.A user's group membership is typically imported via LDAP or SCIM sync.
Appian must be storing the SAML attributes it receives somewhere when it queries the SSO provider if we know the locations of the stored attributes can we write a process to capture it and move user to group?
Right now Appian does not store the SAML assertion so it is not there for designers to use. I would suggest looking into one of the alternative methods that Rob mentioned.
I agree with Rob but in our use case the only way we will be authenticating users will be with SAML there is no direct connection with LDAP or AD.
You will need to find a way to get that role data into Appian without using SAML. Whether it is LDAP connection, REST API, file transfer, etc. or even manual user entry.