Using an AD user source and Ignition type IDP, what is the most straightforward way to map AD roles like "site01-SCADA-engineer" into the default engineer security level?
1 Like
Don't know if it's the easiest, but here is how I did it. Go write a script in the project designated as the gateway script project. Like so, and in my case, in a script library called ADroles:

```python
from java.util import ArrayList


def mapRoles(roles):
    # Translate AD role names from the IdP into security level names.
    result = ArrayList()
    # Either of these two AD groups maps to Administrator.
    if ("IgnitionAdministrators" in roles) or ("BMS-Admin" in roles):
        result.add("Administrator")
    if "BMS-Engineer" in roles:
        result.add("Engineer")
    if "BMS-Operator" in roles:
        result.add("Operator")
    if "BMS-View-only" in roles:
        result.add("View-Only")
    # Roles that match none of the names above add nothing to the result.
    return result
```

Then under Config > Security > Identity Providers > {YOUR IDP} - User Attribute Mapping, add:

```
runScript("ADroles.mapRoles",0,{attribute-source:idTokenClaims:roles})
```
1 Like
This works for me as well, thanks. Using runScript seems a bit hacky though. Would be nice to see better built-in support for this given how common it must be.
I raised a feature/idea to improve this: Active Directory Role Mapping | Voters | Inductive Automation
1 Like
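An added example, not written by anyone in this thread: a table-driven variant of the `mapRoles` answer above for site-prefixed names like the question's `site01-SCADA-engineer`, using anchored matching so that a bare-string claim or a longer group name cannot match by substring. The `site<NN>-SCADA-<suffix>` scheme and every suffix other than `engineer` are assumptions; it is plain Python returning a list rather than the `ArrayList` used above.

```python
import re

try:
    string_types = basestring  # Python 2 / Jython
except NameError:
    string_types = str         # Python 3

# Assumed naming scheme, modelled on the question's "site01-SCADA-engineer".
ROLE_PATTERN = re.compile(r"^site[0-9]+-SCADA-([a-z-]+)$", re.IGNORECASE)

# Suffix -> security level name (level names as used in the answer above).
# Suffixes other than "engineer" are constructed for this example.
SUFFIX_TO_LEVEL = {
    "admin": "Administrator",
    "engineer": "Engineer",
    "operator": "Operator",
    "view-only": "View-Only",
}


def normalize(roles):
    """Return the roles claim as a list of stripped strings."""
    if roles is None:
        return []
    # A bare string must not be tested with `in`: on a string that is a
    # substring search, so "BMS-Engineer" would match "BMS-Engineer-Readonly".
    if isinstance(roles, string_types):
        roles = [roles]
    return [r.strip() for r in roles if isinstance(r, string_types)]


def map_roles(roles):
    """Map site-prefixed AD role names to security level names."""
    levels = []
    for role in normalize(roles):
        match = ROLE_PATTERN.match(role)
        if not match:
            continue  # names outside the scheme grant nothing
        level = SUFFIX_TO_LEVEL.get(match.group(1).lower())
        if level and level not in levels:
            levels.append(level)  # keep first-seen order, no duplicates
    return levels
```
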