Manage roles and organizations
The DoiT platform allows you to manage your user roles and the organizations they belong to. Instead of manually assigning user roles and organizations to each of your users within the DoiT platform itself, you can control the roles using groups or attributes set up in your company's user management system, for example, Azure AD, Okta, and so on. This makes managing who has access to DoiT easier and consistent with how you manage other applications.
You can do this using your IdP or the DoiT console. The method that you choose depends on your requirements. If you want to have more than one role and organization in the DoiT platform, use the DoiT console to map groups to your roles.
Users are created and updated through the IdP. When you offboard users, they lose access to the DoiT Platform once they are deactivated in the IdP. The DoiT Platform itself doesn't deactivate users.
Default role
If you do not configure roles and organizations in the DoiT console or using your IdP, the DoiT Platform will assign the default role of your organization to new users.
Setting a default role in the DoiT console doesn't impact existing users, though they might be affected if you explicitly set the default role in your IdP or DoiT console. We suggest that you consult the IdP-specific documentation for more information.
Configure using DoiT console
Using groups, you can configure multiple roles and organizations for your users using the DoiT console. You can map each group to a role and an organization.
To do this, assign your SSO Group IDs to specific DoiT roles and organizations in the DoiT console.
Note that:
- You can map the same group and role to more than one organization.
- You can only map one role to a group, meaning users can only have one role. When a user's group memberships match multiple groups, the mapping rule that appears first in the list is applied. Subsequent mapping rules are ignored. You can move the groups up or down the list if necessary.
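The first-match rule described above can be checked offline before you reorder the mapping list. The following is an added example, not DoiT code: the rule structure, function names, group IDs, role names and organization names are all constructed for illustration.

```python
from typing import NamedTuple, Optional

class MappingRule(NamedTuple):
    group_id: str         # SSO group ID (constructed sample value)
    role: str             # a group maps to exactly one role
    organizations: tuple  # the same group and role may cover several organizations

def resolve(rules: list, user_groups: list) -> Optional[MappingRule]:
    """Return the first rule, in list order, whose group the user belongs to."""
    member_of = set(user_groups)
    for rule in rules:
        if rule.group_id in member_of:
            return rule
    return None  # no rule matches; what the platform does then is not modelled here

def ignored_roles(rules: list, user_groups: list) -> list:
    """Roles from later matching rules that are ignored and differ from the applied one."""
    member_of = set(user_groups)
    matches = [r for r in rules if r.group_id in member_of]
    if not matches:
        return []
    return [r.role for r in matches[1:] if r.role != matches[0].role]

def audit(rules: list, directory: dict) -> dict:
    """Map each user to (applied role, ignored differing roles) for an access review."""
    report = {}
    for user, groups in directory.items():
        applied = resolve(rules, groups)
        report[user] = (applied.role if applied else None, ignored_roles(rules, groups))
    return report

# Constructed sample data: rule order is the order shown in the mapping list.
RULES = [
    MappingRule("grp-all-staff", "role-viewer", ("org-emea", "org-us")),
    MappingRule("grp-cloud-admins", "role-admin", ("org-emea",)),
]
DIRECTORY = {
    "alice": ["grp-all-staff", "grp-cloud-admins"],  # matches both rules
    "bob": ["grp-cloud-admins"],
    "carol": ["grp-contractors"],                    # matches no rule
}

if __name__ == "__main__":
    for user, (role, ignored) in audit(RULES, DIRECTORY).items():
        print(f"{user}: applied={role} ignored={ignored}")
```

A user with a non-empty ignored list would receive a different role if the rules were reordered, so those are the accounts to review whenever the list order changes.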
Configure using IdP
Using your IdP, you can configure one role and one organization per user.
Roles
You can configure a DoiT Platform user role via your IdP by setting the custom attribute doit_platform_role_id per user. The value of the attribute must be the role ID of the desired DoiT Platform user role (see Role ID for how to find the role ID in the DoiT console).
Organizations
You can configure a DoiT Platform user organization via your IdP by setting the custom attribute doit_platform_org_id per user. The value of the attribute must be the organization ID of the desired DoiT Platform user organization.
If your IdP doesn't provide a value for doit_platform_org_id, no organization will be assigned to the user.