⚙️Organization settings
The organization settings contain the organization details, such as the ID and name.
This section allows you to edit the name of the organization. You can also find the unique identifier for your organization.
Single Sign-On (SSO) is a form of authentication in which a user only needs to log in once to access multiple applications. This module makes it possible to integrate with any system that supports SSO via the SAML 2.0 protocol such as Active Directory or Okta.
For security reasons, this setting needs to be requested through support.
The configuration screen consists of several parts:
- Settings for a user
  - Add new users to all projects within the organization
  - Enforce user roles via SSO
    - Metamaze roles will be overwritten with the highest provided AD role at every login request
    - Updating roles in user management will be disabled
  - Default role of each user (you can change the role in the user management after the first login of the user).
  - Default language of the software for the user. You can change this in the user management module, or users can change it themselves in their profile.
- Allowed domains (required)
  - Users belonging to the domains listed here will be redirected to your SSO flow.
  - You can still create new users with other domain names, who will be able to log in using a username and password.
- Mapping of user properties in Metamaze to the properties of your system. The properties you can map (add them via the 'add new attribute' button) are:
  - first name
  - last name
  - language
  - email address
- Service provider metadata (SP XML)
  - Copy the Metamaze metadata URL to add to your SSO IDP (identity provider).
  - Paste your metadata into the text box
To configure your identity provider, you can use the following values:
- EntityId / Audience URL: https://app.metamaze.eu/gql/sso/metadata
- ACS / Reply / SSO URL: https://app.metamaze.eu/gql/sso/authenticate/<organisationId>
- Metadata XML: click on the "View metadata" button to download the correct XML.
To map Active Directory groups to Metamaze roles and override the default role that was configured in the settings, you can use the following attribute mappings:

| Metamaze role | AD Group |
| --- | --- |
| Admin | GR Metamaze_Admin, ou=Authorization Groups, ou=Groups |
| Manager | GR Metamaze_Manager, ou=Authorization Groups, ou=Groups |
| Operator | GR Metamaze_Operator, ou=Authorization Groups, ou=Groups |
| Validator | GR Metamaze_Validator, ou=Authorization Groups, ou=Groups |
| Labeler | GR Metamaze_Labeler, ou=Authorization Groups, ou=Groups |

If multiple roles are provided in the request, the highest one will be taken, based on the order in the table above. Groups that don't match the AD Groups defined above will be ignored.
If no matching roles are provided in the request, the default role as configured will be used.
Roles provided by attribute mappings are only applied during account creation. After that, the roles are defined only in Metamaze and the SSO-provided roles are ignored.
Changing AD Groups for existing users will not change them in Metamaze. If you want to change the role of a user, you can do that in the corresponding user management section of the Metamaze settings.
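
The mapping rules above (highest role wins, unmatched groups are ignored, the default role is the fallback), written out as an added Python example that is not Metamaze code. It can be run over an exported list of users and their AD groups to review which role each account would receive. Exact, whitespace-trimmed matching of the group strings, the function names and the sample users are assumptions.

```python
# Added example: models the role-resolution rules described on this page.
# Role order and group strings come from the mapping table; exact,
# whitespace-trimmed matching and the sample users are assumptions.
ROLE_ORDER = ["Admin", "Manager", "Operator", "Validator", "Labeler"]  # highest first
GROUP_TO_ROLE = {
    f"GR Metamaze_{role}, ou=Authorization Groups, ou=Groups": role
    for role in ROLE_ORDER
}


def resolve_role(groups, default_role):
    """Highest matching role wins; unmatched groups are ignored; else default."""
    matched = {GROUP_TO_ROLE[g.strip()] for g in groups if g.strip() in GROUP_TO_ROLE}
    return min(matched, key=ROLE_ORDER.index) if matched else default_role


def audit(users, default_role):
    """Return {user: (role, [notes])} for review before enabling SSO roles."""
    report = {}
    for user, groups in users.items():
        matched = [g for g in groups if g.strip() in GROUP_TO_ROLE]
        # Groups that mention Metamaze but do not match the table are ignored.
        near_miss = [g for g in groups
                     if "metamaze" in g.lower() and g.strip() not in GROUP_TO_ROLE]
        role = resolve_role(groups, default_role)
        notes = []
        if len(matched) > 1:
            notes.append("multiple Metamaze groups; highest role applies")
        if near_miss:
            notes.append(f"ignored look-alike group(s): {near_miss}")
        if not matched:
            notes.append(f"no matching group; default role '{default_role}' applies")
        report[user] = (role, notes)
    return report


# Constructed sample input (not real directory data).
SAMPLE_USERS = {
    "alice@example.com": ["GR Metamaze_Labeler, ou=Authorization Groups, ou=Groups",
                          "GR Metamaze_Manager, ou=Authorization Groups, ou=Groups"],
    "bob@example.com": ["GR Metamaze_Admin, ou=Groups"],  # different OU path: ignored
    "carol@example.com": ["GR Finance, ou=Authorization Groups, ou=Groups"],
}

if __name__ == "__main__":
    for user, (role, notes) in audit(SAMPLE_USERS, "Validator").items():
        print(f"{user}: {role} {notes}")
```

A look-alike group that is silently ignored means the account receives the default role, so the default is best set to the lowest role that is acceptable for any SSO user.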