This document explains how to automatically create users in the Google Security Operations SOAR platform based on their Identity Provider (IdP) group assignments.
The following procedure assumes you're setting up the IdP group mapping
in the Google SecOps SOAR-only platform:
Select the IdP group mapping option. This opens an advanced tab where you can configure parameters based on the fields in your SAML provider.
First Name Attribute: Name of the attribute that contains the
given name (for example, first name in Google Workspace).
Last Name Attribute: Name of the attribute that contains the
user's family name (for example, last name in Google Workspace).
Login ID Attribute: Name of the attribute that contains the
user's unique ID (for example, subject in Google Workspace).
Email Attribute: Name of the attribute that contains the user's
primary address (for example, primary email in Google Workspace).
Group Name Attribute: Name of the attribute that contains the
groups to which the user belongs within the organization (for example, groups in Google Workspace).
After you've defined the attributes, click add Add IDP Group.
Complete the IdP group mapping table. For each IdP group from your SAML provider, you must assign the following:
A SOAR SOC role
A permission group
An environment or environment group (you can assign both at the same time.
For more information about these fields, see
Control access to platform.
When you're finished mapping the IdP groups, click Save.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-07 UTC."],[[["\u003cp\u003eThis document explains how to automatically create users in the Google Security Operations SOAR platform based on their Identity Provider (IdP) group assignments.\u003c/p\u003e\n"],["\u003cp\u003eIdP group mapping is only available for standalone SOAR platforms with a single provider defined.\u003c/p\u003e\n"],["\u003cp\u003eSetting up IdP group mapping involves configuring attribute fields like First Name, Last Name, Login ID, Email, and Group Name within the platform's advanced settings.\u003c/p\u003e\n"],["\u003cp\u003eEach IdP group defined in your SAML provider must be mapped to a corresponding SOAR SOC role, permission group, and environment/environment group within the IdP group mapping table.\u003c/p\u003e\n"],["\u003cp\u003ePrior to configuring IdP group mapping, users should complete the instructions for authenticating users using SSO, as described in the external authentication documentation.\u003c/p\u003e\n"]]],[],null,["# IdP group mapping - SOAR only\n=============================\n\nSupported in: \n[SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\n\u003cbr /\u003e\n\n| **Note:** This document is for customers using the standalone SOAR platform only.\n\n\u003cbr /\u003e\n\nThis article explains how to create users automatically based on their\nIdentity Provider (IdP) group assignment for the\nGoogle Security Operations SOAR platform. This feature is only available when one\nprovider is defined.\n\nBefore you begin\n----------------\n\nRead through and complete the instructions in\n[Authenticate users using SSO](/chronicle/docs/soar/admin-tasks/saml-soar-only/external-authentication).\n\nSet up the IdP mapping groups\n-----------------------------\n\nThe following steps assumes you are setting up the **IdP group mapping**\nin the Google SecOps SOAR-only platform:\n\n1. Select the **IdP group mapping** option to open an advanced tab with more parameters. Fill out the parameters according to the fields in the SAML provider you are using.\n - **First Name Attribute** : Name of the attribute that contains the user's given name. For example, in Google Workspace the attribute is called **first name**.\n - **Last Name Attribute** : Name of the attribute that contains the user's family name. For example, in Google Workspace the attribute is called **last name**.\n - **Login ID Attribute** : Name of the attribute that contains the user's unique ID. For example, in Google Workspace the attribute is called **subject**\n - **Email Attribute** : Name of the attribute that contains the user's primary email address. For example, in Google Workspace the attribute is called **primary email**\n - **Group Name Attribute** : Name of the attribute that contains the groups to which the user belongs within the organization. For example, in Google Workspace the attribute is called **groups**.\n2. Click add to open the IdP table.\n3. Fill out the IdP group mapping table as follows. For each IdP group that you've defined in your SAML provider, you need to assign a SOAR SOC role, a permission group, and an environment or environment group. You can assign both environments and environment groups at the same time. For more information about these fields, see [Control Access to platform](/chronicle/docs/soar/admin-tasks/advanced/control-access-to-platform).\n4. When you're finished mapping the IdP groups, click **Save**.\n\n\u003cbr /\u003e\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
