Skip to main content

Holder group login

Con esta funcionaliad se va a pertimir a los usuarios que puedan logarse en aplicaciones, SP correctamente configurados, indicando con que grupo se quieren logar para recibir los permisos segun el grupo seleccionado.

Cuando el usuario hace login, deberá seleccionar el grupo en el que quiere logase.

¿Como se hace esta lista de grupos? se muestra la lista con los grupos, principal y secundarios, que tengan como tipo un HG Yes.

Una vez logado en el grupo Soffid compartirá con la aplicación (SP), la siguiente información

  • Holder group: Grupo seleccionado por el usuario al hacer el login
  • Roles: se devuelve una lista con lo siguiente
    • Roles que tenga asignados directamente el usuario
    • Roles que tenga el usuario por cumplimiento de alguna regla de asignación de roles
    • Roles asignados en el grupo que ha seleccionado el usuario al logarse.

Introduction

In some organizations is necessary to assign roles that affect only a part of the structure, for instance, a department, a division or a country. A Holder Group can be defined as a collection of entities (referred to as "holders") that share similar characteristics, roles, permissions, or access requirements. The concept of a Holder Group simplifies the management of identities by enabling administrators to apply policies, assign roles, and manage permissions at the group level rather than individually.

The Soffid federation allows a new way to login the user, the Holder group login. This new way, allows the user to login to applications, Service Provider, indicating with which group the user wants to log in. Soffid will share with the application the roles and permissions according to the selected group.

If you want an application to allow Holder group login, the option Ask for group membership after authentication of the Service Provider must be activated (Yes option selected).

 

 

 

 

Key features

Grouping for Simplification: Holder Groups allow similar entities to be managed collectively. For instance, all employees in a specific department can be placed in a single Holder Group.

Role and Permission Assignment: Roles or permissions can be assigned to a Holder Group, and all members of the group inherit those permissions. This ensures consistency and reduces administrative overhead.

Policy Enforcement: Security policies, such as password requirements, multifactor authentication rules, or session timeout settings, can be applied to groups. Different Holder Groups can have tailored policies depending on their needs (e.g., high-security groups vs. regular user groups).

Back to top