Create Group Mappings

From Administration > Roles Management, administrators can create groups, assign roles to groups, assign groups to roles, and manage which permissions are enabled for each role.

Add a Group

  1. Navigate to Menu Bar > Administration > Security Management > Roles Management.

    The Group Mappings tab lists all groups that are synchronized from the OCI IAM integrated with your SFA environments.
    Note:
    By default, the following groups will be listed:
    • OCI IAM created groups
      • All Domain Users
      • Domain_Administrators
    • SFA created groups
      • Admin (Default administrator credentials for the Self-Service portal)
      • SYS_ADMIN (Default administrator credentials for the Administration user interface)
      • Membership in these groups gives you administrator rights to all corresponding Administration interface or Portal instances in all your SFA environments.

  2. Click Add Group.
  3. Provide a name for the group and a brief description of its purpose.
  4. Click Save.

When you create a new group, you can also assign it to an existing role. After a group is created, you can’t delete it from the Group Mappings section. You can delete it only from the OCI IAM console.

Assign Groups to Roles

You can assign roles to multiple groups. Also, you can assign groups to multiple roles. Users in a group with multiple roles get all the permissions from each role combined.

If you're trying to log in, but you're part of a different group or environment than expected, you'll see an error message. To avoid this, it's a good practice to name your groups clearly, including information about the environment and application they're related to.

Map a Group to a Role

Make sure you select the correct group when doing the mapping. To make this easier, name your groups clearly, including information about the environment and application they're related to.

  1. Navigate to Administration > Security Management > Roles Management.
  2. Select one or more groups from the Group Mappings tab.
  3. Select the required role from the Roles list to associate the group mapping.
  4. Click Save.

Synchronize Groups

You can manually synchronize groups from the OCI IAM domain with the SFA environment. This updates the group listings and displays any changes, such as a group that was removed from the OCI Cloud Console but is still linked to a role in SFA.

Every night, a synchronization process automatically checks and validates the connections between groups and roles to ensure everything works correctly.

Administration > User Management gets updated to show different user types. It displays the source of each user's login, such as whether they used an older local login method or a newer one through a third-party provider. This helps track how users access their accounts, especially with the new OCI identity integration. For example, if a user logs in with both the old and new methods, the application will show both, allowing customers to see the login sources.

In this scenario, if a conflict arises, the role is highlighted in red within the SFA group management interface to alert administrators and prompt action. The SFA administrator can resolve the issue by:

  • Mapping the role to an existing or new OCI IAM Group
  • Leaving the role unmapped to an OCI IAM Group

If a user is assigned only the affected role and attempts to log in to the SFA administration interface before the issue is resolved, they will receive an error message stating that an issue occurred while signing in and directing them to contact the financial aid office for assistance.
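
The mapping and synchronization rules described above (permissions combined across roles, a removed group still linked to a role, a user left with only the affected role) can be checked offline before the nightly synchronization flags them. The following is an added example, not Oracle code or an SFA or OCI IAM API. Apart from SYS_ADMIN, every group, role and permission name is constructed, the dictionaries are an assumed layout, and the lockout rule is a simplified model of the behavior described on this page.

```python
# Constructed sample data. Apart from SYS_ADMIN, every group, role and
# permission name is hypothetical, and these dicts are not an SFA or OCI IAM format.
IAM_GROUPS = {"SYS_ADMIN", "SFA_PROD_ADMIN_Packaging", "SFA_PROD_ADMIN_Audit"}

# Role -> groups mapped to it in SFA (many-to-many).
ROLE_GROUPS = {
    "Packaging Analyst": {"SFA_PROD_ADMIN_Packaging"},
    "Auditor": {"SFA_PROD_ADMIN_Audit", "SFA_PROD_ADMIN_Packaging"},
    # This group was deleted in IAM but is still linked to the role.
    "Disbursement Reviewer": {"SFA_PROD_ADMIN_Disbursement"},
}
ROLE_PERMISSIONS = {
    "Packaging Analyst": {"packaging.view", "packaging.edit"},
    "Auditor": {"packaging.view", "audit.view"},
    "Disbursement Reviewer": {"disbursement.view"},
}
# User -> groups as last known to SFA.
USER_GROUPS = {
    "alice": {"SFA_PROD_ADMIN_Packaging"},
    "bob": {"SFA_PROD_ADMIN_Disbursement"},
    "carol": {"SFA_PROD_ADMIN_Audit", "SFA_PROD_ADMIN_Disbursement"},
}


def stale_mappings(iam_groups, role_groups):
    """Roles still linked to a group that no longer exists in IAM."""
    return {role: sorted(groups - iam_groups)
            for role, groups in role_groups.items() if groups - iam_groups}


def effective_permissions(user, iam_groups=IAM_GROUPS):
    """Union of permissions over every role reachable via a group that still exists."""
    live = USER_GROUPS[user] & iam_groups
    perms = set()
    for role, groups in ROLE_GROUPS.items():
        if groups & live:
            perms |= ROLE_PERMISSIONS[role]
    return perms


def users_without_access(iam_groups=IAM_GROUPS):
    """Users whose only roles come through groups missing from IAM."""
    return sorted(u for u in USER_GROUPS if not effective_permissions(u, iam_groups))


if __name__ == "__main__":
    print("Stale role mappings:", stale_mappings(IAM_GROUPS, ROLE_GROUPS))
    print("Users left without a usable role:", users_without_access())
    for user in sorted(USER_GROUPS):
        print(user, sorted(effective_permissions(user)))
```

Including the environment and application in each group name, as recommended above, makes a stale mapping in this kind of report easy to trace back to the right SFA environment.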