This article explains how to automatically create users in EloView 3 with the appropriate security role

Users do not need to be created in EloView. A successful SAML response will automatically create the user account and assign the user to the corresponding user role if the information is specified in the SAML token. When no user role is specified, the user is assigned the default non-admin viewer role.

EloView will capture the following claims (case sensitive):

• email
• firstName
• lastName
• roles

The value specified in roles would match a name of a user role in EloView.

Example:
User Roles (some out-of-box roles in EloView)

• Admin
• Registered User
• Viewer

Users

• Charlie Smith

If Charlie needs to be assigned to the Admin user role, his SAML token will need to include all the claims mentioned earlier with the roles = Admin. When Charlie logs in for the first time, the account is created and assigned to the Admin user role.

If Charlie’s role changes to Viewer, his SAML token will instead contain roles = Viewer. On the next login, the role is automatically updated in EloView.

If the SAML token specified the role Consultant, but no user role exists in EloView with that name, Charlie will be assigned the default non-admin viewer role.

Let’s say Charlie is in a security group or distribution group called KFC Admins in their Identity Provider (IdP – example: Azure Active Directory), but the user role in EloView is named Onsite_Admins_Technicians. There needs to be some backend configuration on your end to translate KFC Admins = Onsite_Admins_Technicians. EloView only needs to know the value of the roles, not what security group or distribution group the user is in.

When the user signs in with SAML, “SAMLUser” is appended to the Account Type to tell it apart from non-SAML users. If you delete the account in EloView, it will be recreated after the next successful login.



Account deletions need to be done manually in EloView if a user needs to be removed.