I have SAML groups set up, and I have a situation in which my Active Directory groups have different names in different environments. How can I set the value of the AD_GROUP attribute of the SAML group in a customization file?
Here is what the XML looks like when the group is exported. This file is in the "group" folder when the app is exported.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><groupHaul xmlns:a="">www.appian.com/.../2009"> <versionUuid>...</versionUuid> <group> <name>...</name> <securityMap>SECURITYMAP_PUBLIC</securityMap> <uuid>...</uuid> <groupTypeUuid>...</groupTypeUuid> <parentUuid>...</parentUuid> <description></description> <delegatedCreation>false</delegatedCreation> <memberPolicy>MEMBERPOLICY_AUTOMATIC</memberPolicy> <viewingPolicy>VIEWINGPOLICY_LOW</viewingPolicy> <attributes> <attribute> <name>AD_GROUP_NAME</name> <type>TYPE_STRING</type> <value xmlns:xsi="">www.w3.org/.../XMLSchema-instance" xmlns:xsd="">www.w3.org/.../XMLSchema" xsi:type="xsd:string">...</value> </attribute> </attributes></group> <members> <users/> <groups/> </members> <admins> <users/> <groups/> </admins> <ruleSet/></groupHaul>
Discussion posts and replies are publicly visible
Check this link
docs.appian.com/.../SAML_for_Single_Sign-On.html
You have to use one atribute in your SAML assertion, that will contain the group or groups that the user belongs to( for example, memberof), and configure which one will be in admin console
IN appian, you will have to create a group type that contains all the groups that can be received via saml
Each one of the groups will have an att that matches against the group received via SAML (different name)
When a SAML request is received, the group received in the atribute will be matched agaisnt the groups contained in the group type.
In that way, you will that the groups synced, even when they have different names