Assign SAML response roles to Security User Roles

TimeLordship · March 17, 2026, 9:18pm

Hi, I was able to assign

Following response is recieved in Groups:

            <saml:Attribute Name="Groups">
                                
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">18029425,10790416</saml:AttributeValue>
                            
            </saml:Attribute>

The security level grants are weird, as they don’t have Administrator or User, rather the string itself.
Any idea how I can assign Administrator to 10790416 and User to the other one?

TimeLordship · March 17, 2026, 9:18pm

Loosely related to SAML Security grants not visible - #2 by gmatano

TimeLordship · March 17, 2026, 11:39pm

I’m reading about runScript too, but wanted to make sure: Can I make a runScript and paste it directly into the User Attributed Mapping> “Roles” > Expression textbox?

paul-griffith · March 17, 2026, 11:41pm

I'm pretty sure you want the special containsAny expression here:

TimeLordship · March 18, 2026, 12:07am

Can you give me a clearer way of doing this?

So: in Administrator security expression/RULE, should I type in:
ContainsAny(‘10790416’)