cancel
Showing results for 
Search instead for 
Did you mean: 

Assigning users additional roles in SEN

nedapetrova
Explorer
0 Kudos
382

Dear Community members,

Currently we have setup the user access to SEN via SSO with SAP IAS and Azure AD as IDP. Whenever we grant new user access to SEN he/she is assigned by default with Learner role after first logon to SEN. Often we need to assign manually additional roles (e.g. Standard Author, Reviewer etc.), but at the moment this is possible only after the user have already logged in to SEN. Which means that first we have to inform that the user already has access, invite them to log in to SEN, wait for them to do that and only then be able to assign the additional role. When we have to handle several users at once this procedure becomes time consuming and not very efficient.

Is there smarter way to handle this. Any ideas/workarounds you have will be highly appreciated.

Accepted Solutions (0)

Answers (2)

Answers (2)

DirkManuel
Active Contributor

Well you can only assign additional roles to the Userid once the Userid has been created, and that only happens when the user first logs on... That said, you have two options:

(1) You can pre-define your users (manually) with all the roles you want them to have. But you MUST use exactly the same Userid for the manual ID as SSO will use, so that when they do log on, the manual ID will be 'converted' to an SSO ID. Otherwise it will create a second ID. (If you do this you should create the IDs using upload - see (2) below - otherwise they will be sent an email with their Userid/password, which you don't want.

(2) Wait for the IDs to be created via SSO, and then periodically download the list of new users (in Imported Users) to Excel, add the new roles to them there, and then upload the list back into SAP Enable Now, which will add the roles to the users. This way you can at least assign roles to multiple Userids at the same time.

nedapetrova
Explorer
0 Kudos

Hello Dirk,

Thanks for your answer! You've mentioned that we can use upload. Which server setting shall we enable in the Manager - is it "Automatic Microsoft Excel Import" or "Append User Roles".

Before enabling this settings in the Manager I would like to make sure first that it will not affect our current SSO setup?

Thanks!

DirkManuel
Active Contributor
0 Kudos

Well, the 'Automatic Microsoft Excel Import' is a third option. Using this, your IDP saves an extract of (all/selected) user records to a shared location, and then SAP Enable Now picks up that extract on the schedule you define, and imports those users to SAP Enable Now, creating the Userids (with the Role specified). But I'm guessing you don't want to do this as you have SSO set up already.

The option I was referring to is under Administration > User Import (once you have exported from Administration > Users) - and there you would select 'Append Roles'.

Anton_Mavrin
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi, nedapetrova


You can simply add the additional attribute "corporategroups" in your SAML assertion, which SAP Enable Now will treat as the user role(s) to assign to the account. See the screenshot below, showing the required attribute and values our IdP sends to the SAP Enable Now.