[IdP] Mapping Auth0 roles to Outsystem roles via SAML

Forge Component
Published on 9 May (14 days ago) by Telmo Martins
32 votes
Published on 9 May (14 days ago) by Telmo Martins

Hi everyone,

We are in the process of setting up a Single Sign On solution linked to Auth0 as Identity Provider. Groups, roles, permissions and users are managed in Auth0. When a user logs in to one of our Outsystems application he should receive the roles linked to his user from Auth0 over SAML.

The roles are added to the saml response:

Next step would be do map these roles to the roles defined in Outsystems. How do we accomplish this? 

So far I've only seen mappings for groups in the code. Even though in the IdP code it says:

This action can be found in the Auth/IdP/Preparation screen action.

Hi Andy,

Roles are not supported, only Groups.

You have two options:

1) Without customization, you can create all the groups on OutSystems side and associate to them the roles you want on OutSystems side as well, and the IdP by design will assign the user to the group(s) from the SAML response.

2) Customize the component: the IdP component to directly assign the Roles is not straight forward because a Role is tied to a specific eSpace and you easily can have two different roles in two different eSpaces that happens to have the same name and assign the wrong role to the user on the login process. But yes, you can change the component code to set roles instead of groups.