Before setting up the Tiled role and group attributes in your SAML provider, it's important to understand what this means for your account and what you can expect. Please review these commonly asked questions and scenarios for these attributes.
- Do I need to do anything on the Tiled side for this feature to work?
Yes. You must have 'SSO' and 'Just in time provisioning' set up in Tiled's account settings. - Is this feature specific to Okta?
No. This feature supports any SAML assertion identity provider. - Can I create new roles and groups from my identity provider?
No. You cannot create new roles or groups from your identity provider. User roles and groups must exist in Tiled before being referenced within your identity provider. - Are roles and groups case and space sensitive?
Yes. Similar to uploading users via CSV, roles and groups must be added to a user exactly how the roles and groups are created in Tiled. (Example: The role Admin is not the same as admin) - Are the role and group attributes dynamic?
Yes. You can change a user's role or group more than once. The changes made would be reflected the next time the user logs into Tiled. - If my role or group has changed, will I see the update on the mobile app?
If you log into the mobile app since the change, you will not see the role or group update.
You must log into Tiled via the desktop or mobile web first to see the change reflected in the mobile app.
User Scenarios
In Okta | In Tiled | Behavior | |
1 | User exists with a group/role | User doesn’t exist in Tiled | User should be created and added to group/role defined in Okta |
2 | User exists with a group/role that does not exist in Tiled | User exists with group/role in Tiled | Nothing happens in Tiled |
3 | User exists with a group/role that does not exist in Tiled | User logs into Tiled the first time |
User should be created and added to the default* group/role in Tiled *default group and role are defined on the Tiled account settings page |
4 | User exists without group/role | User doesn’t exist in Tiled |
User should be created and added to the default* group/role in Tiled *default group and role are defined on the Tiled account settings page |
5 | User exists without group/role | User exists in Tiled | Nothing happens in Tiled |
6 | User exists with a group/role | User exists with the same group/role in Tiled | Nothing happens in Tiled |
7 | User exists with a group/role | User exists with a different group/role in Tiled | User's group/role is updated in Tiled based on the values from Okta |
8 | User doesn’t exist | User doesn’t exist | Nothing happens in Tiled |
9 | User doesn’t exist | User exists | Nothing happens in Tiled |