Holder group login

This feature allows users to log in to applications (correctly configured SPs), indicating which group they want to log in with, so that they receive the permissions that correspond to the selected group.

When the user logs in, they must select the group they want to log in with.

How is this list of groups built? The list shows the groups, primary and secondary, whose type has HG Yes.

Once logged in with the group, Soffid will share the following information with the application (SP):

  • Holder group: Group selected by the user when logging in
  • Roles: a list with the following is returned
    • Roles directly assigned to the user
    • Roles the user holds in compliance with a role assignment rule
    • Roles assigned in the group the user selected when logging in.
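
The group list and the shared role list described above, worked through as an added example. This is not Soffid code: the data model, all names and the server-side check of the submitted group are assumptions made for illustration.

```python
# Added illustration: a simplified model, not Soffid's implementation.
# All class, field and function names below are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    holder_group: bool  # models the group type's "HG Yes" flag


@dataclass
class User:
    name: str
    primary_group: Group
    secondary_groups: list = field(default_factory=list)
    direct_roles: set = field(default_factory=set)   # assigned directly
    rule_roles: set = field(default_factory=set)     # from role assignment rules
    group_roles: dict = field(default_factory=dict)  # group name -> roles held there


def eligible_holder_groups(user):
    """Primary and secondary groups whose type is flagged as holder group."""
    groups = [user.primary_group, *user.secondary_groups]
    return [g.name for g in groups if g.holder_group]


def login_attributes(user, selected_group):
    """Attributes shared with the SP for a login with the selected group."""
    # Assumed check: the selection arrives from the login form, so it must be
    # one of the groups that were offered to this user.
    if selected_group not in eligible_holder_groups(user):
        raise PermissionError(f"{selected_group!r} is not a holder group of {user.name}")
    roles = user.direct_roles | user.rule_roles | user.group_roles.get(selected_group, set())
    return {"holder_group": selected_group, "roles": sorted(roles)}


# Constructed sample data
alice = User(
    name="alice",
    primary_group=Group("sales-es", holder_group=True),
    secondary_groups=[Group("sales-fr", holder_group=True), Group("staff", holder_group=False)],
    direct_roles={"crm-user"},
    rule_roles={"intranet-reader"},
    group_roles={"sales-es": {"crm-approver"}, "sales-fr": {"crm-auditor"}, "staff": {"badge"}},
)

if __name__ == "__main__":
    print(eligible_holder_groups(alice))
    print(login_attributes(alice, "sales-fr"))
```

Roles held in a group other than the selected one (here `crm-approver` in `sales-es`) do not appear in the result, which is what lets an SP scope permissions to one part of the structure.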

Introduction

In some organizations it is necessary to assign roles that affect only a part of the structure, for instance, a department, a division or a country. A Holder Group can be defined as a collection of entities (referred to as "holders") that share similar characteristics, roles, permissions, or access requirements. The concept of a Holder Group simplifies the management of identities by enabling administrators to apply policies, assign roles, and manage permissions at the group level rather than individually.

The Soffid federation offers a new way for users to log in: the Holder group login. It allows the user to log in to applications (Service Providers), indicating which group the user wants to log in with. Soffid will share with the application the roles and permissions according to the selected group.

If you want an application to allow Holder group login, the option Ask for group membership after authentication of the Service Provider must be activated (Yes option selected).

Once the user has logged in using the federation, Soffid will share with the Service Provider application the following information:

  • Holder group: Group selected by the user when logging in.
  • Roles list:
    • Roles directly assigned to the user.
    • Roles assigned to the user in compliance with a Role Assignment Rule.
    • Roles assigned in the group selected by the user when logging in.

Key features

Grouping for Simplification: Holder Groups allow similar entities to be managed collectively. For instance, all employees in a specific department can be placed in a single Holder Group.

Role and Permission Assignment: Roles or permissions can be assigned to a Holder Group, and all members of the group inherit those permissions. This ensures consistency and reduces administrative overhead.

Policy Enforcement: Security policies, such as password requirements, multifactor authentication rules, or session timeout settings, can be applied to groups. Different Holder Groups can have tailored policies depending on their needs (e.g., high-security groups vs. regular user groups).