With Catchpoint's SAML feature, you can use auto-provisioning to create new users in the Catchpoint portal the first time they log in. Users are created in the default division with Client Observer access by default, but administrators can specify division/access settings for auto-provisioned users through Direct Access configuration.
Configuring SAML Direct Access
The instructions below use Okta for single-sign-on, but this workflow applies to many different SAML integration providers. Consult your system's documentation to find the equivalent configuration settings.
-
In Okta Profile Editor settings, Add Attribute for Catchpoint access.
-
In Attribute Statements, specify the namespace, Division, and System Access values for auto-provisioned users. If your users have attributes in their IdP profile defining their role, you can determine their role in Catchpoint based on those values per these steps:
- Create User Roles in Catchpoint for each of the role/value pairs in your existing IdP. The IdP value must match the name in Catchpoint.
- If your Catchpoint portal has different Divisions mapped to different business units (examples: operations, marketing, etc.), make sure the Division name in Catchpoint matches the Business Unit name in the IdP settings.
- Pass the attributes in SAML application settings.
-
Go to Settings > SSO Identity Provider in Catchpoint and enable Direct assertion mapping in the Auto-provisioning section.
-
Click Create Assertions and set up your assertions using the parameters outlined in your SSO provider, and add the SSO Level and System Access you'd like users with that parameter to have in Catchpoint.
If an auto-provisioned user does not match any assertions, it will be assigned to the Default User Role as shown in the above screenshot.