Skip to main content

Change to SAML Group-to-Role Mapping (Manage)

Sumo Logic has introduced a change to the way group-to-role mapping is handled when performing on-demand role provisioning during SAML authentication. Previously, all groups included in a SAML assertion were validated against roles in Sumo Logic. Going forward, only the groups that match existing roles in Sumo Logic will be applied to the authenticating user. Any non-matching groups will be ignored. Only if no roles match with the groups passed in the assertion will an authentication fail.

For more information about SAML configuration for roles provisioning, see Configure on-demand roles provisioning.

Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.