Precedence in Group Mapping

Edit online

About this task

This use case explains the precedence involved in mapping the logged in SSO users to webMethods API Gateway groups based on the SAML assertion.

Precedence order in mapping the IdP group in the SAML assertion to API Gateway group

Procedure

  1. webMethods API Gateway checks whether a group mapping exists in the SSO - Group Mapping configuration for the group in the SAML assertion. If the group mapping exists, then the user is automatically mapped to target group specified in the SSO.
  2. If the group mapping does not exist in the SSO - Group Mapping configuration, then webMethods API Gateway checks whether the group exists in the webMethods API Gateway. If the group exists in the webMethods API Gateway, then the user is mapped to that group.
  3. If there is no group specified in the SSO - Group Mapping configuration, and if the group does not exist in webMethods API Gateway, then the user is mapped to the default, Everybody group.