This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Looking to upgrade from Dynatrace Managed to SaaS? See how

How to assign a user to multiple groups via SAML/SSO

Go to solution
mikko_satama
Inactive

‎17 Apr 2018 12:18 PM - last edited on ‎13 Apr 2023 10:02 AM by Community Team

How to pass multiple user group names inside SAML 2.0 response attribute?

Could not find inside this documentation:

https://www.dynatrace.com/news/blog/servicenow-and...

0 Kudos
Reply
7 REPLIES 7

Go to solution
Radoslaw_Szulgo
Inactive

‎17 Apr 2018 02:05 PM

Just configure your idP to return multiple groups for a user in a SAML 2.0 response. Then setup the groups attribute in the configuration screen :

and it should work. More in our help page:

https://www.dynatrace.com/support/help/get-started...

If that does not answer your question, please provide more details.

Senior Product Manager,
Dynatrace Managed expert
0 Kudos
Reply

Go to solution
mikko_satama
Inactive

‎18 Apr 2018 11:09 AM

Thanks Radoslaw, but that did not answer my question, which was probably not well formatted, but I just fiqured out it by testing.

The answer I was looking for:

You can pass multiple group names inside one attribute value (User group attribute) by separating them with comma-sign (,).

For example Group name 1,Group name 2,Group name 3

And of course group names should match exactly (case sensitive, no extra spacing) with Dynatrace User Group names.

Reply

Go to solution
mikko_satama
Inactive

‎18 Apr 2018 11:10 AM

And please, add this information to your documentation:

https://www.dynatrace.com/support/help/get-started/managed-users-and-permissions/can-i-manage-users-and-groups-with-saml

Reply

Go to solution
tarjei_utnes
Helper

‎25 Apr 2018 04:20 PM

I second that. Please update documentation to explain how it accepts multiple groups.

Reply

Go to solution
Radoslaw_Szulgo
Inactive
In response to tarjei_utnes

‎14 May 2019 07:43 PM

I’ll follow up with the team and we will improve that. Thanks!


Senior Product Manager,
Dynatrace Managed expert
0 Kudos
Reply

Go to solution
qmt
Newcomer

‎28 Nov 2018 05:33 PM

Let me add this info here because I had a rough time configuring the group attribute, and my discovery wasn't documented :

I did create the Dynatrace groups with the exact same name as my Active Directory Groups, and it was still not working (using ADFS for the SSO)

In fact the name of the "user group attribute" in the SAML response was not "gr" nor "group" (as I configured it in ADFS), but it was "http://schemas.xmlsoap.org/claims/group" (yes, the whole url)

So I don't know who is responsible for this behavior, if it's Dynatrace or Microsoft, but at least now it works 🙂


Reply

Go to solution
Greg_Sanders
Participant
In response to qmt

‎05 Nov 2019 04:29 PM

where did you actually specify the url, "http://schemas.xmlsoap.org/claims/group"?


0 Kudos
Reply
Ask a question

Featured Posts