Group Mapping

Overview

Group mapping simplifies access management by associating permission groups from external Identity Providers with your system's internal groups within StackSpot.

Follow the steps to create and configure Group Mappings:

Prerequisites

• You must have Account Holder or Admin permission to proceed;
• You must have configured an SSO (Single Sign-On).

How to create a Group Mapping

Step 1. Log in to the StackSpot AI Platform;

Step 2. Click on your profile avatar and select the 'Organization' option;

Step 3. In the Account's Portal main menu, click on 'Identity & Security', then click 'Single Sign-On (SSO)' and select the one you want to create a Group Mapping;

Step 4. On the left side menu, click the 'Group Mapping' tab;

Step 5. Click the 'Create Group Mapping button;

Step 6. Name the Group Mapping and select its type:

• Attribute to a Group;
• Default Role;
• Default Group;
• Dynamic Group.

See the steps to configure each Group Mapping type:

Attribute for a Group

danger

This type of group mapping is available only to SSO configured via SAML V2.0.

It associates a specific attribute from external authentication to an internal StackSpot EDP group.

Follow the steps to configure it:

Step 1. Fill in the fields:

• Group mapping name: You already named it;
• Group mapping type: Attribute to a Group;
• Attribute name: It's a value that corresponds to the Group within your external authentication system;
• Attribute value: It corresponds to the Group within the StackSpot EDP system;
• List of groups in StackSpot:

Step 2. Click 'Create Group Mapping'.

You've configured a Group Mapping.

Default Group

When you create a Group Mapping of the Default Group type, you establish a Default Group with specific characteristics that will automatically apply to every new user added to your Organization's account.

Follow the steps to configure it:

Step 1. Fill in the fields:

• Group mapping name: You already named it;
• Group mapping type: Default Group;
• List of Groups in StackSpot: Choose a Group from StackSpot.

Step 2. Click 'Create Group Mapping'.

You've configured a Group Mapping.

Default Role

When you create a Group Mapping of the Default Role type, you establish a Default Role that will automatically apply to every new user added to your Organization's account.

Step 1. Fill in the fields:

• Group mapping name: you already did it;
• Group mapping type: Default Group;
• List of Roles in StackSpot: choose a Role from StackSpot.

Step 2. Click 'Create Group Mapping'.

You've configured a Group Mapping.

Dynamic Group

danger

This type of group mapping is available only to SSO configured via SAML V2.0.

Links an attribute to the internal group using a regex-based rule.

Follow the steps to configure it:

Step 1. Fill in the fields:

• Group mapping name: You already named it;
• Group mapping type: Dynamic Group;
• Attribute name;
• Regular Expression: For example, (?i)([a-z0-9_-]{1,30})[_-]STACKSPOT[_-]([a-z0-9_]{1,30}).

Step 2. Click 'Create Group Mapping'.

You've configured a Group Mapping.