Orchid Fusion VMS Installation Guide

Assigning Permissions to SAML Users

Once your Orchid Fusion VMS properties file and Identity Provider web interface have been configured, you need to assign Fusion permissions for each of the groups you created within the IdP.

Beginning in version 24.6.1, SAML users may be mapped to a Permission Group using multiple attributes. (These attributes are identifiers that have already been assigned within the external IdP, such as Google or Ping.)

  1. With SAML fully configured, restart the Orchid Fusion VMS service.
  2. Now you need to associate your Orchid Fusion VMS Permissions Groups with the Identity Provider’s groups.
  3. Log into Fusion as an Administrator.
  4. Go to the Permission Groups screen. For each of your IdP groups that need to log into Fusion, do the following:
    1. Click the Add Permission Group button. (You may add these new groups to an existing Permission Group instead, if desired.)
    2. Enter a name and description for the new group.
    3. Go to the External Group Mappings tab.
    4. Check the Attribute Group Mappings section; it should display the external SAML group (or groups) that you have configured. (If your SAML group does not appear, there must be a problem with the SAML configuration. The configuration may be incomplete or inaccurate, or you may have forgotten to restart the Fusion service.)
    5. Click on the SAML group to expand it.
      1. Click the Create an Attribute Set button.
      2. Click the Attribute drop-down list to select an available attribute.
      3. In the Attribute Value field, enter the attribute value that is associated with your target users. (All of the users that match the attribute and value will be added as members of this Permission Group.)
      4. Click the Add Another Attribute button if you want to select another attribute. (If your Attribute Set contains multiple attributes, a user must match all of those attributes in order to be added to the Permission Group.)
      5. Click the Add an Attribute Set button if you need to incorporate users that have an entirely different group of attributes. (If you are using multiple Attribute Sets, a user must match at least one of those sets in order to be added to the Permission Group.)
    6. Use the Domain Group Mappings section if you need to add users from external systems outside of SAML.
    7. Use the remaining tabs to grant and revoke abilities and access, as needed.
    8. Click the Save Group button to save the Permission Group.

In the following example, we have a simple Permission Group that provides access to users in the orchid-hybrid-viewers SAML group. (In this case, that’s the name of a Google Workspace group):

For additional details on adding external Permission Groups, please refer to the Orchid Fusion/Hybrid Administrator Guide.

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Please do not use this for support questions.
IPConfigure Technical Support

Post Comment