Auth0 SAML SSO: Can we configure a user to be part of multiple groups?

ramansingh89 · ‎04-02-2024

Hi Sisense

we are working on to configure SSO (Auth0 Saml 2.0) with Sisense and would like to understand if a SSO user can be part of multiple groups? If yes:

- How those different group parameters are configured?
- If user is part of 2 groups (viewer and designer), which permission will take precedence?

sneak · ‎04-02-2024

Hello! I'm not a Sisense rep, but have been working with the platform for the last 4 years or so. I can confirm that SSO accounts can be assigned to multiple user groups (Team A, Team B, etc.), but I am not aware of a way to set multiple roles (Viewer, Designer, Data Designer, Data Admin, Admin) for a single user/account.

However, even a user who has Designer role will not automatically have permission to design on every Dashboard. The design permissions for individual dashboards are still delegated by higher roles (admin, data admin, and dashboard owner). The same is true for Data Model design permissions; even a Data Designer cannot manipulate a given Data Model unless they are specifically granted permissions by a higher role account. So, effectively, if you limit your power users with Designer and Data Designer permissions, they will operate as a Viewer of many things and a Designer of only those things they are granted explicit permission to.

Keep in mind, Data Admin and Admin roles have additional ability to explore and grant themselves permissions to things that were not previously explicitly granted to them, hence the "admin" designation.

Hope this helps!

View solution in original post

sneak · ‎04-02-2024

Hello! I'm not a Sisense rep, but have been working with the platform for the last 4 years or so. I can confirm that SSO accounts can be assigned to multiple user groups (Team A, Team B, etc.), but I am not aware of a way to set multiple roles (Viewer, Designer, Data Designer, Data Admin, Admin) for a single user/account.

However, even a user who has Designer role will not automatically have permission to design on every Dashboard. The design permissions for individual dashboards are still delegated by higher roles (admin, data admin, and dashboard owner). The same is true for Data Model design permissions; even a Data Designer cannot manipulate a given Data Model unless they are specifically granted permissions by a higher role account. So, effectively, if you limit your power users with Designer and Data Designer permissions, they will operate as a Viewer of many things and a Designer of only those things they are granted explicit permission to.

Keep in mind, Data Admin and Admin roles have additional ability to explore and grant themselves permissions to things that were not previously explicitly granted to them, hence the "admin" designation.

Hope this helps!

DRay · ‎04-18-2024

Hello @ramansingh89 ,

I wanted to follow up to see if the solution offered by @sneak worked for you.

If so, please click the 'Accept as Solution' button so that other users with the same questions can find the answer faster. If not, please let us know so that we can continue to help.

Thank you.

David Raynor (DRay)

Sisense Community

Auth0 SAML SSO: Can we configure a user to be part of multiple groups?