If your account uses Delegated Authentication on your Nearmap account, you can manage user permissions for Nearmap workspaces through Identity Provider (IdP) groups. Each time a user logs in, their IdP group names are shared with Nearmap, allowing for Workspace permissions to be assigned based on group membership, instead of configuring them for each user individually.
Adding IdP groups to a workspace
- Select Account, Workspaces.
- From the All workspaces tab, locate the workspace to which you want to add an IdP group.
- Click the Ellipsis button. A menu is displayed.
- Select Add groups to workspace. The Add SSO IdP group to workspace dialog is displayed.
- Complete the following fields:
- SSO IdP: This is the name of your SSO provider.
- IdP Group: Type the name of the IdP group you want to add to the workspace. An IdP group is typically defined by your IT systems administrator.
NOTE: The IdP group name must be entered exactly as it is sent from your Identity Provider. - Role: Select the permission level for the IdP group.
- Click ADD. The IdP group is added to the workspace.
Internal IdP group
In addition to the IdP groups created in your IdP, a special group nm-internal-default
has been created within MyAccount. The purpose of this group is to act as a fallback if users are not assigned to any of your organization's IdP groups. This group is treated specially in that any workspace roles assigned to it are automatically granted to all users signing in through this IdP.
The nm-internal-default
group should not be defined in your IdP.