Manage roles and organizations

The DoiT platform allows you to manage your user roles and the organizations they belong to. Instead of manually assigning user roles and organizations to each of your users within the DoiT platform itself, you can control the roles using groups or attributes set up in your company's user management system, for example, Azure AD, Okta, and so on. This makes managing who has access to DoiT easier and consistent with how you manage other applications.

You can do this using your IdP or the DoiT console. The method that you choose depends on your requirements. If you want to have more than one role and organization in the DoiT platform, use the DoiT console to map groups to your roles.

Note

Users are created and updated through the IdP. When you offboard users, they lose access to the DoiT Platform once they are deactivated in the IdP. The DoiT Platform itself doesn't deactivate users.

Default role

If you do not configure roles and organizations in the DoiT console or using your IdP, the DoiT Platform will assign the default role of your organization to new users.

Setting a default role in the DoiT console doesn't impact existing users, though they might be affected if you explicitly set the default role in your IdP or DoiT console. We suggest that you consult the IdP-specific documentation for more information.

Configure using DoiT console

Using groups, you can configure multiple roles and organizations for your users using the DoiT console. You can map each group to a role and an organization.

To do this, assign your SSO Group IDs to specific DoiT roles and organizations in the DoiT console.

Note that:

  • You can map the same group and role to more than one organization.

  • You can only map one role to a group, meaning users can only have one role. When a user's group memberships match multiple groups, the mapping rule that appears first in the list is applied. Subsequent mapping rules are ignored. You can move the groups up or down the list if necessary.

SSO group mapping
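
Because only the first matching rule is applied, the order of the list decides the role of any user who belongs to several mapped groups. The following added example (not DoiT code) models the ordered list and flags users for whom an ignored rule would have assigned a different role. The Rule layout and all group IDs, role names, and organization names are constructed assumptions.

```python
# Added illustration; rule layout, group IDs and role names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    group_id: str   # SSO Group ID as sent by the IdP
    role: str       # the single role mapped to this group
    orgs: tuple     # one or more organizations for this group and role

def resolve(rules, user_groups):
    """Return (applied_rule, ignored_rules) using first-match-wins ordering."""
    matches = [r for r in rules if r.group_id in user_groups]
    if not matches:
        return None, []          # no mapped group; outcome is not modeled here
    return matches[0], matches[1:]

def audit(rules, users):
    """List users whose applied role differs from a role in an ignored rule."""
    findings = []
    for name, groups in users.items():
        applied, ignored = resolve(rules, set(groups))
        if applied is None:
            continue
        other_roles = sorted({r.role for r in ignored if r.role != applied.role})
        if other_roles:
            findings.append((name, applied.role, other_roles))
    return findings

# Constructed sample data: RULES is in the same order as the mapping list.
RULES = [
    Rule("grp-all-staff", "viewer", ("org-main",)),
    Rule("grp-finops", "finance", ("org-main", "org-emea")),
    Rule("grp-platform-admins", "admin", ("org-main",)),
]
USERS = {
    "alice": ["grp-all-staff", "grp-platform-admins"],
    "bob": ["grp-finops"],
    "carol": ["grp-contractors"],
}

if __name__ == "__main__":
    for user, role, ignored in audit(RULES, USERS):
        print(f"{user}: gets {role!r}; ignored rules would give {ignored}")
```

Running the same audit after moving a rule up or down shows which users change role before you reorder the list in the console.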

Configure using IdP

Using your IdP, you can configure one role and one organization per user.

Roles

You can configure a DoiT Platform user role via your IdP by setting the custom attribute doit_platform_role_id per user. The value of the attribute must be the role ID of the desired DoiT Platform user role. (See Role ID for how to find the role ID in the DoiT console.)

Organizations

You can configure a DoiT Platform user organization via your IdP by setting the custom attribute doit_platform_org_id per user. The value of the attribute must be the organization ID of the desired DoiT Platform user organization.

If your IdP doesn't provide a value for doit_platform_org_id, no organization will be assigned to the user.