Federated user role mapping

Beginning in February 2021, ClientNet enabled organizations to use federation to link their Identity Providers (IdPs) to Symantec's IdP (Okta) so that their users could sign in to ClientNet using accounts and credentials that the organizations controlled. However, administrators still had to assign security roles to these federated users in ClientNet.
As of July 2021, organizations that have configured federation to manage users' identities can also configure their IdP integrations to pass security roles to ClientNet, and then map these roles to email access permissions.
Once this mapping is configured and Enforce at login is enabled, users' access levels are re-assessed at each login based on their federated roles.
To map IdP roles to email access permissions:
  1. Browse to Administration > Access Control > Login federation with your own identity solution.
  2. In the Enter IdP code field, enter the IdP code provided to you by Support when federation was configured. For convenience, the screen displays the IdP code of the currently logged-in user as well as any previously saved value. Click Save.
  3. To create a new role mapping, click the Add New button. The Federated User Role Mapping screen appears.
    1. Enter the name of the federated role to be mapped in the Federated Role Name field. To use an existing role, select it from the list of roles for the logged-in user to copy it to the clipboard, and then paste it in the Role Name field.
    2. Use the controls under the User Roles heading to specify whether the user can manage other users and (for partners) whether the user can configure child customers.
    3. Click Use Standard Role or Create Custom Role and follow the steps on the screen to complete the role assignment.
  4. To change an existing role mapping, click Edit in the Action column to the right of the role summary. The Federated User Role Mapping screen appears.
    1. Enter the name of the federated role to be mapped in the Federated Role Name field. To use an existing role, select it from the list of roles for the logged-in user to copy it to the clipboard, and then paste it in the Role Name field.
    2. Use the controls under the User Roles heading to specify whether the user can manage other users and (for partners) whether the user can configure child customers.
    3. Click Use Standard Role or Create Custom Role and follow the steps on the screen to complete the role assignment.
  5. Click Save and Exit at the bottom of the screen to save the new role mapping and the email access permissions that you have assigned to it.