Once your Orchid Fusion VMS properties file and Identity Provider web interface have been configured, you need to assign Fusion permissions for each of the groups you created within the IdP.
- With SAML fully configured, restart the Orchid Fusion VMS service.
- Now you need to associate your Orchid Fusion VMS Permissions Groups with the Identity Provider’s groups.
- Log into Fusion as an Administrator.
- Go to the Permission Groups screen.
- For each of your IdP groups that need to log into Fusion, do the following:
- Click the Add Permission Group button. (You may add these new groups to an existing Permission Group instead, if desired.)
- Enter a name and description for the new group.
- Go to the External Group Mapping section. (If this section does not appear, there must be a problem with the SAML configuration. The configuration may be incomplete or inaccurate, or you may have forgotten to restart the Fusion service.)
- Click in the Domain field and enter the name of the domain in which your target users exist. (This should match the value you configured as saml.common.setting.domain in the fusion.properties file.)
- Click in the Group field and enter the name of a group in which your target SAML users exist. (This should match the name of a group from any one of your configured IdPs.)
- Click the Add icon to add this new external group.
- Grant and revoke abilities and access to cameras, as needed.
- Click the Save button to save the Permission Group.
In the following example, we have a Permission Group that provides Administrator access to users in the orchid-hybrid-admins SAML group. (In this case, that’s the name of a Google Workspace group):
For additional details on adding external Permission Groups, please refer to the Orchid Fusion/Hybrid Administrator Guide.
Post your comment on this topic.