Using an AD user source and an Ignition-type IdP, what is the most straightforward way to map AD roles like “site01-SCADA-engineer” into the default engineer security level?
Don’t know if it’s the easiest, but here is how I did it. Go write a script in the project designated as the gateway script project. Like so, and in my case, in a script library called ADroles:
```python
from java.util import ArrayList

def mapRoles(roles):
    # roles: the AD role names taken from the IdP's roles claim
    result = ArrayList()
    # Each AD role maps to one Ignition role; anything unlisted grants nothing
    if ("IgnitionAdministrators" in roles) or ("BMS-Admin" in roles):
        result.add("Administrator")
    if "BMS-Engineer" in roles:
        result.add("Engineer")
    if "BMS-Operator" in roles:
        result.add("Operator")
    if "BMS-View-only" in roles:
        result.add("View-Only")
    return result
```
Then under Config > Security > Identity Providers > {YOUR IDP} - User Attribute Mapping, add:
```
runScript("ADroles.mapRoles",0,{attribute-source:idTokenClaims:roles})
```
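The same mapping generalised to the site-prefixed group names from the question, as an added example that is not part of the original posts. The `<site>-SCADA-<tier>` convention, the tier names other than `engineer`, and the names `map_site_roles` and `allowed_sites` are assumptions; it is plain Python so it can be tested off the gateway, and in a gateway script the result would be wrapped in `java.util.ArrayList` as the answer does.

```python
import re

try:
    string_types = basestring  # Jython 2.7 on the gateway
except NameError:
    string_types = str         # Python 3 when testing off the gateway

# Assumed naming convention: <site>-SCADA-<tier>, e.g. "site01-SCADA-engineer".
# Anchored at both ends so a longer group name that merely contains a valid
# one cannot match.
GROUP_PATTERN = re.compile(
    r"^(site\d{2})-SCADA-(admin|engineer|operator|viewer)\Z", re.IGNORECASE)

# Assumed AD tier suffix -> Ignition role name used in the answer above.
TIER_TO_ROLE = {
    "admin": "Administrator",
    "engineer": "Engineer",
    "operator": "Operator",
    "viewer": "View-Only",
}

def map_site_roles(roles, allowed_sites=None):
    """Return the sorted Ignition roles granted by the AD groups in `roles`.

    Missing, unknown or malformed groups grant nothing (fail closed).
    `allowed_sites` optionally limits which site prefixes this gateway honours.
    """
    if roles is None:
        return []
    # If the claim ever arrives as one string instead of a list, wrap it so
    # each check is a whole-name match and never a substring test.
    if isinstance(roles, string_types):
        roles = [roles]
    granted = set()
    for group in roles:
        match = GROUP_PATTERN.match(str(group).strip())
        if not match:
            continue
        site, tier = match.group(1).lower(), match.group(2).lower()
        if allowed_sites is not None and site not in allowed_sites:
            continue
        granted.add(TIER_TO_ROLE[tier])
    return sorted(granted)
```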