IdP group mapping - SOAR only

This article explains how to create users automatically based on their Identity Provider (IdP) group assignment for the Google Security Operations SOAR platform. This feature is only available when one provider is defined.

Before you begin

Read through and complete the instructions in Authenticate users using SSO.

Set up the IdP mapping groups

The following steps assumes you are setting up the IdP group mapping in the Google SecOps SOAR-only platform:

1. Select the IdP group mapping option to open an advanced tab with more parameters. Fill out the parameters according to the fields in the SAML provider you are using.
   • First Name Attribute: Name of the attribute that contains the user's given name. For example, in Google Workspace the attribute is called first name.
   • Last Name Attribute: Name of the attribute that contains the user's family name. For example, in Google Workspace the attribute is called last name.
   • Login ID Attribute: Name of the attribute that contains the user's unique ID. For example, in Google Workspace the attribute is called subject
   • Email Attribute: Name of the attribute that contains the user's primary email address. For example, in Google Workspace the attribute is called primary email
   • Group Name Attribute: Name of the attribute that contains the groups to which the user belongs within the organization. For example, in Google Workspace the attribute is called groups.
2. Click add to open the IdP table.
3. Fill out the IdP group mapping table as follows. For each IdP group that you have defined in your SAML provider, you need to add a SOAR SOC role, a permission group, and an environment. For more information about these fields, see Control Access to platform.
4. When you're finished mapping the IdP groups, click Save.