{"id":15055,"date":"2018-04-11T10:54:47","date_gmt":"2018-04-11T10:54:47","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?page_id=15055"},"modified":"2022-06-23T10:38:28","modified_gmt":"2022-06-23T17:38:28","slug":"saml-sso-multiple-groups-support","status":"publish","type":"docs","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/","title":{"rendered":"SAML SSO | Multiple Groups Support"},"content":{"rendered":"<p><strong>Applies to:<\/strong> Transact version 4.5.0.0 or newer.<\/p>\n<p>Ephesoft Transact supports multiple groups that can be assigned and used in the SSO authentication process. Multiple groups are supported only if the <strong>Authentication Type <\/strong>is defined as<strong> 2<\/strong> in the <strong>web.xml<\/strong> file (&lt;Ephesoft Installation Directory&gt;\\Application\\WEB-INF), i.e. when SSO covers both, authentication and authorization.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15056\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59.png\" width=\"742\" height=\"329\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59.png 1045w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59-300x133.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59-768x340.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59-1024x453.png 1024w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/p>\n<p>Starting with this application release, the following roles are defined by default and considered while doing authorization based on SAML response:<\/p>\n<p><strong>Super-Admin<\/strong>: <em>EPHESOFT-SYSTEMADMINISTRATOR<\/em> and <em>Infor-SystemAdministrator<\/em>. The users with these roles have administrative privileges and have access to all pages:<\/p>\n<ul>\n<li>ReviewValidate<\/li>\n<li>BatchList<\/li>\n<li>WebScanner<\/li>\n<li>UploadBatch<\/li>\n<li>BatchClassManagement<\/li>\n<li>BatchInstanceManagement<\/li>\n<li>FolderManagement<\/li>\n<li>Reporting<\/li>\n<li>SystemConfiguration<\/li>\n<\/ul>\n<p><strong>Administrator<\/strong>: <em>Ephesoft-Administrator<\/em>. The users with this role have access to all pages except SystemConfiguration.html page (only the batch classes assigned to these groups will be accessible):<\/p>\n<ul>\n<li>ReviewValidate<\/li>\n<li>BatchList<\/li>\n<li>WebScanner<\/li>\n<li>UploadBatch<\/li>\n<li>BatchClassManagement<\/li>\n<li>BatchInstanceManagement<\/li>\n<li>FolderManagement<\/li>\n<li>Reporting<\/li>\n<\/ul>\n<p><strong>Operator<\/strong>: <em>Ephesoft-User<\/em>. The users with this role have access only to Operator Pages (only the batch classes assigned to these groups will be accessible):<\/p>\n<ul>\n<li>ReviewValidate<\/li>\n<li>BatchList<\/li>\n<li>WebScanner<\/li>\n<li>UploadBatch<\/li>\n<\/ul>\n<p><em>Note: The roles are case-insensitive.<\/em><\/p>\n<p><strong>Super-Admin groups<\/strong> are defined in the <strong>application.properties<\/strong> file, while <strong>Admin and Operator groups<\/strong> are specified in the <strong>web.xml<\/strong> file (see the configuration procedure <a href=\"#post-15055-config\">below<\/a>).<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>Changes in the Database<\/strong><\/h4>\n<p>The new groups as well as their associated privileges can be added to the Ephesoft Transact database (MariaDB, MS SQL, Oracle) as illustrated below.<\/p>\n<p><img decoding=\"async\" width=\"1676\" height=\"577\" class=\"wp-image-15057\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-60.png\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-60.png 1676w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-60-300x103.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-60-768x264.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-60-1024x353.png 1024w\" sizes=\"(max-width: 1676px) 100vw, 1676px\" \/><\/p>\n<p>Ephesoft Transact will read all groups as values separated by the user defined delimiter (coma by default) in the \u201cGROUP_USER\u201d header to support the Multiple Groups functionality.<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>Changes in the web.xml file<\/strong><\/h4>\n<p>A new section has been added to the <strong>web.xml<\/strong> file to implement Multiple Groups functionality.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15058\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-61.png\" width=\"741\" height=\"436\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-61.png 1097w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-61-300x176.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-61-768x452.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-61-1024x602.png 1024w\" sizes=\"(max-width: 741px) 100vw, 741px\" \/><\/p>\n<p>The section includes the following parameters:<\/p>\n<table border=\"1\">\n<tbody>\n<tr>\n<td style=\"padding: 5px\" width=\"160\"><strong>Parameter Name<\/strong><\/td>\n<td style=\"padding: 5px\" width=\"180\"><strong>Default Parameter Value<\/strong><\/td>\n<td style=\"padding: 5px\"><strong>Description<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px\">isMultipleGroupsAllowed<\/td>\n<td style=\"padding: 5px\">false<\/td>\n<td style=\"padding: 5px\">Can be true or false. Will be used to decide whether to search for multiple groups or not. If false, only the first group will be considered.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px\">AdminGroups<\/td>\n<td style=\"padding: 5px\">Ephesoft-Administrator<\/td>\n<td style=\"padding: 5px\">Comma separated list of all Admin Groups. The users with these groups can access all Ephesoft pages except System Configuration.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px\">OperatorGroups<\/td>\n<td style=\"padding: 5px\">Ephesoft-User<\/td>\n<td style=\"padding: 5px\">Comma separated list of all Operator Groups. The users with these groups can access all Ephesoft pages except System Configuration.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 5px\">groupNameDelimiter<\/td>\n<td style=\"padding: 5px\">;<\/td>\n<td style=\"padding: 5px\">The separator based on which incoming groups should be split.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><a id=\"post-15055-config\"><\/a><strong>To configure the Multi-Group functionality:<\/strong><\/p>\n<p>1. Make sure that <strong>Authentication Type<\/strong> is defined as <strong>2<\/strong> in the <strong>web.xml <\/strong>file.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15059\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-62.png\" width=\"745\" height=\"330\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-62.png 1045w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-62-300x133.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-62-768x340.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-62-1024x453.png 1024w\" sizes=\"(max-width: 745px) 100vw, 745px\" \/><\/p>\n<p>2. Define your groups and corresponding privileges in the Ephesoft Transact database (or use the groups provided by default).<\/p>\n<p><img decoding=\"async\" width=\"1676\" height=\"577\" class=\"wp-image-15060\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-63.png\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-63.png 1676w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-63-300x103.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-63-768x264.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-63-1024x353.png 1024w\" sizes=\"(max-width: 1676px) 100vw, 1676px\" \/><\/p>\n<p>3. Uncomment and set the \u201c<strong>isMultipleGroupsAllowed<\/strong>\u201d parameter to <strong>true<\/strong> in the <strong>web.xml<\/strong> file (&lt;Ephesoft Installation Directory&gt;\\Application\\WEB-INF). Ephesoft Transact will first refer to this parameter to handle all possible multi-group cases.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15061\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-64.png\" width=\"735\" height=\"100\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-64.png 910w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-64-300x41.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-64-768x104.png 768w\" sizes=\"(max-width: 735px) 100vw, 735px\" \/><\/p>\n<p>4. In the same file, uncomment and define \u201c<strong>AdminGroups<\/strong>\u201d and \u201c<strong>OperatorGroups<\/strong>\u201d parameters (specify the required groups as configured in the database). These parameters are used to determine any Admin\/Operator groups present in the incoming request. All the matched groups privileges will be accordingly applied to the user.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15062\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-65.png\" width=\"739\" height=\"196\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-65.png 909w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-65-300x79.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-65-768x203.png 768w\" sizes=\"(max-width: 739px) 100vw, 739px\" \/><\/p>\n<p>5. Uncomment and define \u201c<strong>groupNameDelimiter<\/strong>\u201d parameter in the same file.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15063\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-66.png\" width=\"737\" height=\"89\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-66.png 860w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-66-300x36.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-66-768x92.png 768w\" sizes=\"(max-width: 737px) 100vw, 737px\" \/><\/p>\n<p>6. Define Super-Admin groups in the <strong>application.properties <\/strong>file (&lt;Ephesoft Installation Directory&gt;\\Application\\WEB-INF\\classes\\META-INF) using the \u201c<strong>user.super_admin<\/strong>\u201d parameter.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15064\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-67.png\" width=\"740\" height=\"56\" \/><\/p>\n<p>If there are several Super -Admin groups, they need to be separated by double semi-colon (;;). For example, user.super_admin= EPHESOFT-SYSTEMADMINISTRATOR;; Infor-SystemAdministrator.<\/p>\n<p>If access to the Ephesoft Transact Pages needs to be changed for any group, it can be done by the Super-Admin group user via the System Configuration screen (see <a href=\"https:\/\/ephesoft.com\/docs\/access-manager\">Access Manager<\/a>).<\/p>\n<p><img decoding=\"async\" width=\"1917\" height=\"899\" class=\"wp-image-15065\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-68.png\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-68.png 1917w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-68-300x141.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-68-768x360.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-68-1024x480.png 1024w\" sizes=\"(max-width: 1917px) 100vw, 1917px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Now, let us consider several possible scenarios. Suppose, the database contains the following details:<\/p>\n<p><strong>Security Groups: <\/strong><\/p>\n<p><img decoding=\"async\" class=\"wp-image-15066\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-69.png\" width=\"618\" height=\"81\" \/><\/p>\n<p><strong>Security User: <\/strong><\/p>\n<p><img decoding=\"async\" width=\"434\" height=\"19\" class=\"wp-image-15067\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-70.png\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-70.png 434w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-70-300x13.png 300w\" sizes=\"(max-width: 434px) 100vw, 434px\" \/><\/p>\n<p><strong>Authorized Resources:<\/strong><\/p>\n<p><img decoding=\"async\" class=\"wp-image-15068\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-71.png\" width=\"621\" height=\"248\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-71.png 711w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-71-300x119.png 300w\" sizes=\"(max-width: 621px) 100vw, 621px\" \/><\/p>\n<p>Here, we will consider two scenarios, where<\/p>\n<ul>\n<li>\u201cisMultipleGroupsAllowed\u201d property in the web.xml is set as TRUE<\/li>\n<li>\u201cisMultipleGroupsAllowed\u201d property in the web.xml is set as FALSE<\/li>\n<\/ul>\n<p><strong>Scenario 1:<\/strong><\/p>\n<p><strong><em>The \u201cisMultipleGroupsAllowed\u201d parameter in web.xml is set to TRUE.<br \/>\nSuper-Admin groups are defined as: EPHESOFT-SYSTEMADMINISTRATOR,Infor-SystemAdministrator.<br \/>\nAdmin group is defined as: Ephesoft-Administrator.<br \/>\nOperator group is defined as: Ephesoft-User<\/em><\/strong><\/p>\n<p><strong>Case 1:<\/strong><\/p>\n<p>Only the Operator group is present in the SAML response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User<\/p>\n<p>Output:<\/p>\n<p>The user has access to the privileges as per the input group (all Operator pages)<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15069\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-72.png\" width=\"320\" height=\"452\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-72.png 387w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-72-213x300.png 213w\" sizes=\"(max-width: 320px) 100vw, 320px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 2:<\/strong><\/p>\n<p>Only Admin group is present in the SAML response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-Administrator<\/p>\n<p>Output:<\/p>\n<p>The user has access to the privileges as per the input group (all Admin and Operator pages)<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15070\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-73.png\" width=\"320\" height=\"443\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-73.png 424w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-73-217x300.png 217w\" sizes=\"(max-width: 320px) 100vw, 320px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 3:<\/strong><\/p>\n<p>Only the Super-Admin group is present in the SAML response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: EPHESOFT- SYSTEMADMINISTRATOR<\/p>\n<p>Output:<\/p>\n<p>The user has access to the privileges as per the input group (all pages including the System Configuration screen)<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15071\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-74.png\" width=\"320\" height=\"524\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-74.png 401w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-74-183x300.png 183w\" sizes=\"(max-width: 320px) 100vw, 320px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 4:<\/strong><\/p>\n<p>All groups are present in the SAML response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User,EPHESOFT-SYSTEMADMINISTRATOR,Ephesoft-Administrator<\/p>\n<p>Output:<\/p>\n<p>The user has access to all Super-Admin privileges (all pages including the System Configuration screen)<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15072\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-75.png\" width=\"321\" height=\"526\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-75.png 401w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-75-183x300.png 183w\" sizes=\"(max-width: 321px) 100vw, 321px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 5:<\/strong><\/p>\n<p>Admin and Operator groups are present in the SAML response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User,Ephesoft-Administrator<\/p>\n<p>Output:<\/p>\n<p>The user has access to the privileges of both groups (Admin and Operator pages)<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15073\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-76.png\" width=\"319\" height=\"441\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-76.png 424w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-76-217x300.png 217w\" sizes=\"(max-width: 319px) 100vw, 319px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 6:<\/strong><\/p>\n<p>The group delimiter in web.xml is changed to semi-colon (;)<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User;Ephesoft-Administrator<\/p>\n<p>Output:<\/p>\n<p>The user has access to privileges of both the groups (Admin and Operator pages)<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15074\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-77.png\" width=\"320\" height=\"443\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-77.png 424w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-77-217x300.png 217w\" sizes=\"(max-width: 320px) 100vw, 320px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 7:<\/strong><\/p>\n<p>The user can see only those Batch Classes that have been assigned to the input role<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User<\/p>\n<p>Output:<\/p>\n<p>The user has no access to BC7 batch classes as it is not provided access by admin on the Batch Class Management screen<\/p>\n<p><img decoding=\"async\" width=\"1477\" height=\"301\" class=\"wp-image-15075\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-78.png\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-78.png 1477w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-78-300x61.png 300w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-78-768x157.png 768w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-78-1024x209.png 1024w\" sizes=\"(max-width: 1477px) 100vw, 1477px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Scenario 2:<\/strong><\/p>\n<p><strong><em>The \u201cisMultipleGroupsAllowed\u201d parameter in web.xml is set to FALSE.<\/em><\/strong><\/p>\n<p><strong>Case 1:<\/strong><\/p>\n<p>One group is present in the SAML response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User<\/p>\n<p>Output:<\/p>\n<p>The user has access to the privileges as per the input group (all Operator pages)<\/p>\n<p><strong><img decoding=\"async\" class=\"wp-image-15076\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-79.png\" width=\"321\" height=\"453\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-79.png 387w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-79-213x300.png 213w\" sizes=\"(max-width: 321px) 100vw, 321px\" \/><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Case 2:<\/strong><\/p>\n<p>More than one group is present in the SAML Response<\/p>\n<p>Input:<\/p>\n<p>User name: Sukriti<br \/>\nGroup: Ephesoft-User,Ephesoft-Administrator<\/p>\n<p>Output:<\/p>\n<p>The user is not authorized, as &#8220;Ephesoft-User, Ephesoft-Administrator&#8221; is saved as a single entity in the security_group database table.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-15077\" style=\"border: 2px solid #A9A9A9;padding: 1px;margin: 2px\" src=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-80.png\" width=\"481\" height=\"226\" srcset=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-80.png 671w, https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-80-300x140.png 300w\" sizes=\"(max-width: 481px) 100vw, 481px\" \/><\/p>\n","protected":false},"featured_media":0,"parent":47681,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","doc_tag":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v19.0 (Yoast SEO v22.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SAML SSO | Multiple Groups Support | Ephesoft Docs<\/title>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAML SSO | Multiple Groups Support\" \/>\n<meta property=\"og:description\" content=\"Applies to: Transact version 4.5.0.0 or newer. Ephesoft Transact supports multiple groups that can be assigned and used in the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/\" \/>\n<meta property=\"og:site_name\" content=\"Ephesoft Docs\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-23T17:38:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/\",\"url\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/\",\"name\":\"SAML SSO | Multiple Groups Support | Ephesoft Docs\",\"isPartOf\":{\"@id\":\"https:\/\/ephesoft.com\/docs\/#website\"},\"datePublished\":\"2018-04-11T10:54:47+00:00\",\"dateModified\":\"2022-06-23T17:38:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ephesoft.com\/docs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Transact\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"System Configuration\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"User Connectivity\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Single Sign-On Resources\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/\"},{\"@type\":\"ListItem\",\"position\":6,\"name\":\"SAML SSO | Multiple Groups Support\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ephesoft.com\/docs\/#website\",\"url\":\"https:\/\/ephesoft.com\/docs\/\",\"name\":\"Ephesoft Docs\",\"description\":\"Intelligent Document Processing Made Easy\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ephesoft.com\/docs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAML SSO | Multiple Groups Support | Ephesoft Docs","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"SAML SSO | Multiple Groups Support","og_description":"Applies to: Transact version 4.5.0.0 or newer. Ephesoft Transact supports multiple groups that can be assigned and used in the [&hellip;]","og_url":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/","og_site_name":"Ephesoft Docs","article_modified_time":"2022-06-23T17:38:28+00:00","og_image":[{"url":"https:\/\/ephesoft.com\/docs\/wp-content\/uploads\/2018\/04\/word-image-59.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/","url":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/","name":"SAML SSO | Multiple Groups Support | Ephesoft Docs","isPartOf":{"@id":"https:\/\/ephesoft.com\/docs\/#website"},"datePublished":"2018-04-11T10:54:47+00:00","dateModified":"2022-06-23T17:38:28+00:00","breadcrumb":{"@id":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/saml-sso-multiple-groups-support\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ephesoft.com\/docs\/"},{"@type":"ListItem","position":2,"name":"Transact","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/"},{"@type":"ListItem","position":3,"name":"System Configuration","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/"},{"@type":"ListItem","position":4,"name":"User Connectivity","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/"},{"@type":"ListItem","position":5,"name":"Single Sign-On Resources","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/"},{"@type":"ListItem","position":6,"name":"SAML SSO | Multiple Groups Support"}]},{"@type":"WebSite","@id":"https:\/\/ephesoft.com\/docs\/#website","url":"https:\/\/ephesoft.com\/docs\/","name":"Ephesoft Docs","description":"Intelligent Document Processing Made Easy","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ephesoft.com\/docs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"comment_count":0,"_links":{"self":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/15055"}],"collection":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/comments?post=15055"}],"version-history":[{"count":2,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/15055\/revisions"}],"predecessor-version":[{"id":51426,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/15055\/revisions\/51426"}],"up":[{"embeddable":true,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/47681"}],"next":[{"title":"SSO | CAS-Based SSO Framework","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/sso-cas-based-sso-framework\/","href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/15018"}],"prev":[{"title":"Manually Configuring SAML 2.0 SSO for Ephesoft Transact 4.5.0.x and 2019.1","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/single-sign-on-resources\/configuring-saml-sso\/","href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/15952"}],"wp:attachment":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/media?parent=15055"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/doc_tag?post=15055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}