Auto-assign roles to SAML users

A guide on how to assign Omni roles to SAML users automatically.

This guide shows you how to configure your Omni instance, so that new users logging in with SAML authentication are automatically assigned to a role based on their SAML role attributes.

Create the file assign-operator-to-engineers-label.yaml for the SAMLLabelRule resource, with the following content:

  namespace: default
  id: assign-operator-to-engineers-label
  assignroleonregistration: Operator

As an admin, create it on your Omni instance using omnictl:

omnictl apply -f assign-operator-to-engineers-label.yaml

This will create a resource that assigns the Operator role to any user that logs in with SAML and has the SAML attribute Role with the value engineers.

Log in to Omni as a new SAML user with the SAML attribute with name Role and value engineers.

This will cause the user created on the Omni side to be labeled as

This label will match the SAMLLabelRule resource we created above, and the user will automatically be assigned the Operator role.