Holder group

Introduction

A Holder Group can be defined as a logical grouping or collection of entities (referred to as "holders") that share similar characteristics, roles, permissions, or access requirements. The concept of a Holder Group simplifies the management of identities by enabling administrators to apply policies, assign roles, and manage permissions at the group level rather than individually.

Steps to configure

1. Group type

It is necessary to define a Group type with Rol Holder to Yes

💻 Image

https://bookstack.soffid.com/books/soffid-3-reference-guide/page/group-type

2. Groups

Then, you need to define the groups with this specific group type.

💻 Image

https://bookstack.soffid.com/books/soffid-3-reference-guide/page/groups

3. Attribute definition

Holder group

💻 Image

Role & group membership

💻 Image

You have to define the attribute sharing policies

💻 Image

In this case, the Holder group, and Role & group membership attributes will be always shared.

x. Users

Use cases

1. User with no groups (Primary or secundary) with type holder group Yes. When this user log into an application --> The user login normally to the application

2. User with Primary group RRHH (Type holder group yes) and No Secondary groups with Type holder group yes . When this user log into an application --> The user will be loged-in the application with the group RRHH.

3. User with Primary group RRHH (Type holder group yes) and Secondary group Marketing (Type holder group yes). When this user log into an application --> The user will have to choose the holder group to login the application.

💻 Image

4. User with any Primary group with Type holder group no, and with some Secondary groups with Type holder group yes. When this user log into an application --> The user will have to choose the holder group to login the application.

💻 Image

SAML (Security Assertion Markup Language)

SAML architecture

SAML Example

OpenID-Connect

OpenID-Connect architecture

OpenID-Connect example

CAS (Central Authentication Service)

CAS architecture

CAS Example

Radius (Remote Authentication Dial-In User Service)

Radius architecture

Radius Example

TACACS+ (The Terminal Access Controller Access-Control System Plus)

TACACS+ architecture

TACACS+ Example

WS-Fed

WS-Fed Architecture

WS-Fed Example

⏰ Getting started

Attribute definition

Attribute sharing policies

Identity & Service providers

Shared signals & events members

Entity Group

Identity Provider

Service Provider

Virtual Identity Provider

Profiles

OpenIDProfile

SAML1ArtifactResolutionProfile

SAML1AttributeQueryProfile

SAML2ArtifactResolutionProfile

SAML2AttributeQueryProfile

SAML2ECPProfile

SAML2SSOProfile

CAS

Radius

ESSO

How to deploy the identity & service provider

Change Password URL

How to perform unsolicited login

Connecting an OpenID Connect service

Connecting a SAML service

Connecting Soffid console

Connecting your custom applications

Openid-connect to SAML interoperability

Openid-connect Dynamic Register

Connecting CAS client

Connecting Tacacs+

Connecting Radius client

validate-domain

validate-credentials

expire-session

generate-saml-request

parse-saml-response

generate-saml-logout-request

Soffid IdP as an identity broker

External oAuth / OpenID Identity Providers

Holder group

Introduction

Steps to configure

Use cases

Login (OpenID Connect or SAML)