Access MMG using SAML Realm

This section describes how to manage users who access MMG through an Identity Provider (IdP or IDP). An Identity Provider is a service that stores and verifies user identities. IdPs are typically cloud-hosted services that work with single sign-on (SSO) providers to authenticate users. An IdP verifies identities using username and password combinations and other factors, or it may simply supply a list of user identities that another service provider (such as an SSO) checks. The ready-to-use roles that can access MMG using SAML Realm are listed in step 1 below. To integrate MMG with an IdP as the SSO provider, follow these steps:

Note:

When SAML Realm is used and aai.enable.fetchgroups=true, OFS MMG authenticates the user through the SAML Identity Provider (for example, IDCS) and fetches the user's group memberships from AAI (OFSAA). In this configuration, each user must be explicitly assigned or mapped to the SAML application in the Identity Provider; group membership alone is not enough to access the application.

If a user is not mapped to the SAML application, the SAML login may succeed but the user will not be authorized to access OFS MMG.

  1. Create the following roles in the IDP System:
    For MMG:
    • IDNTYADMN
    • IDNTYAUTH
    • MDLREV
    • MDLAPPR
    • MDLBATCHUSR
    • WKSPADMIN
    • MDLUSR
    • DSUSRGRP
    • DSREDACTGRP
    • GRPADMIN
    • GRPUSR

    Note:

    The IDNTYADMN role is required only if you need Admin access.
  2. Map the user groups to the respective users based on their user roles. The default permissions mapped to these users are available in the Permission section; these permissions can be added to or modified.

    Note:

    It is recommended to use AAIRealm or SAMLRealm.
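The following added example (not OFS MMG code) models the access decision described in the Note and in the two steps above: authentication comes from the SAML response, while authorization requires both an assignment to the SAML application in the IdP and at least one of the listed MMG roles among the groups fetched from AAI. The SAML response, the IdP application assignments, and the AAI group memberships are constructed stand-ins, and the example assumes signature validation of the response has already happened upstream.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# The MMG roles listed in step 1 of this section.
MMG_ROLES = {"IDNTYADMN", "IDNTYAUTH", "MDLREV", "MDLAPPR", "MDLBATCHUSR",
             "WKSPADMIN", "MDLUSR", "DSUSRGRP", "DSREDACTGRP", "GRPADMIN", "GRPUSR"}

# Constructed stand-ins (assumption): users assigned to the SAML application in
# the IdP, and the group memberships AAI would return when fetchgroups is enabled.
IDP_APP_USERS = {"alice", "bob"}
AAI_GROUPS = {"alice": ["MDLUSR", "WKSPADMIN", "FINANCE_ALL"],
              "bob": ["FINANCE_ALL"], "carol": ["IDNTYADMN"]}

def saml_response_for(user, success=True):
    """Build a minimal, constructed SAML 2.0 Response for the given NameID."""
    status = SUCCESS if success else "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
            f'<saml:Assertion><saml:Subject><saml:NameID>{user}</saml:NameID>'
            f'</saml:Subject></saml:Assertion></samlp:Response>')

def saml_user(xml_text):
    """Return the authenticated NameID, or None when the IdP reported failure."""
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return None
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return name_id.text.strip() if name_id is not None and name_id.text else None

def mmg_access(xml_text, fetch_groups=True):
    """Authentication from SAML; authorization from IdP app assignment plus AAI groups."""
    user = saml_user(xml_text)
    result = {"user": user, "authenticated": user is not None, "authorized": False, "roles": set()}
    if user is None:
        result["reason"] = "SAML authentication failed"
        return result
    if user not in IDP_APP_USERS:  # the failure mode described in the Note
        result["reason"] = "user not assigned to the SAML application in the IdP"
        return result
    groups = set(AAI_GROUPS.get(user, ())) if fetch_groups else set()
    result["roles"] = groups & MMG_ROLES  # only the MMG roles grant access
    if not result["roles"]:
        result["reason"] = "no MMG role among the user's AAI groups"
        return result
    result.update(authorized=True, admin="IDNTYADMN" in result["roles"], reason="ok")
    return result
```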