Auto-Match Roles for Services

Assigning roles to users can be a complex and time-consuming task, especially in organizations with a large number of users. Auto-Match reduces the workload of administrators with the automation of service role assignments. Auto-Match is based on the IdP's groups' names. This means that with Auto-Match you can match the user's existing IdP group name and assign them a corresponding ("matching") service role in the Infinity Portal. If a user is a member of more than one group in their IdP, select the applicable group name to be used in the Infinity Portal.

Example 1: User A belongs to a group named "Read-Only" in their Okta portal. When User A is added to the Infinity Portal, the portal automatically assigns them a "Read-Only" service role. This means that User A is given restricted access to the Infinity Portal and can only see or read information.

Example 1: Read-Only

Example 2: User B is a member of a group named "Admin(s)" or "Administrator(s)" in Microsoft ADFSClosed Active Directory Federation Services. A Microsoft software component for Windows Server OS to give users single sign-on access to an organization's systems and applications.. After they are added to the Infinity Portal, the user is automatically assigned an "Admin" service role.

Example 2: Administrator

For more information about Configuring Users in the Infinity Portal, see Users.

Note - The Auto-Matched Roles do not override the existing service roles.

Supported IdPs:

  • Okta

  • Microsoft ADFS

  • OneLogin

  1. In the Infinity Portal go to > Identity & Access.

  2. In the Auto Match Roles for Services section, select the checkbox Enable auto match role for.

  3. To enable Auto-Match for all of your Infinity Portal services, select All Services.

    Or,

  4. To enable Auto-Match for specific service(s), select Specific Services and in the Select Service tab, select which service(s) to enable Auto-Match.

  5. The Infinity Portal automatically saves your settings.

Sessions

Below the Sessions section, two parameters determine how a session is conducted.

Force Login After

The Force Login After feature limits your work time. The system prompts you to log in again after the designated period and renew your session. To configure Force Login After, select one of the periods of activity. The default is one day.

Idle Session Timeout After

The Idle Session Timeout After feature limits your current session time. The system prompts you to renew your session when no activity occurred after the designated period. It is not necessary to log in. To configure this feature, select one of the periods of inactivity. The default is 15 minutes.