Forum Discussion

ramansingh89's avatar
ramansingh89
ETL
04-02-2024
Solved

Auth0 SAML SSO: Can we configure a user to be part of multiple groups?

Hi Sisense

we are working on to configure SSO (Auth0 Saml 2.0) with Sisense and would like to understand if a SSO user can be part of multiple groups? If yes:

- How those different group parameters are configured?
- If user is part of 2 groups (viewer and designer), which permission will take precedence?

  • sneak's avatar
    sneak
    04-02-2024

    Hello! I'm not a Sisense rep, but have been working with the platform for the last 4 years or so. I can confirm that SSO accounts can be assigned to multiple user groups (Team A, Team B, etc.), but I am not aware of a way to set multiple roles (Viewer, Designer, Data Designer, Data Admin, Admin) for a single user/account.

    However, even a user who has Designer role will not automatically have permission to design on every Dashboard. The design permissions for individual dashboards are still delegated by higher roles (admin, data admin, and dashboard owner). The same is true for Data Model design permissions; even a Data Designer cannot manipulate a given Data Model unless they are specifically granted permissions by a higher role account. So, effectively, if you limit your power users with Designer and Data Designer permissions, they will operate as a Viewer of many things and a Designer of only those things they are granted explicit permission to.

    Keep in mind, Data Admin and Admin roles have additional ability to explore and grant themselves permissions to things that were not previously explicitly granted to them, hence the "admin" designation. 

    Hope this helps!

2 Replies

Replies have been turned off for this discussion
  • sneak's avatar
    sneak
    Cloud Apps
    04-02-2024

    Hello! I'm not a Sisense rep, but have been working with the platform for the last 4 years or so. I can confirm that SSO accounts can be assigned to multiple user groups (Team A, Team B, etc.), but I am not aware of a way to set multiple roles (Viewer, Designer, Data Designer, Data Admin, Admin) for a single user/account.

    However, even a user who has Designer role will not automatically have permission to design on every Dashboard. The design permissions for individual dashboards are still delegated by higher roles (admin, data admin, and dashboard owner). The same is true for Data Model design permissions; even a Data Designer cannot manipulate a given Data Model unless they are specifically granted permissions by a higher role account. So, effectively, if you limit your power users with Designer and Data Designer permissions, they will operate as a Viewer of many things and a Designer of only those things they are granted explicit permission to.

    Keep in mind, Data Admin and Admin roles have additional ability to explore and grant themselves permissions to things that were not previously explicitly granted to them, hence the "admin" designation. 

    Hope this helps!

  • DRay's avatar
    DRay
    Journey Map
    04-18-2024

    Hello ramansingh89 ,

    I wanted to follow up to see if the solution offered by sneak worked for you.

    If so, please click the 'Accept as Solution' button so that other users with the same questions can find the answer faster. If not, please let us know so that we can continue to help.

    Thank you.