Mapping IDP SSO Groups to Bigeye Groups

As an alternative to manually configuring user permissions, you can map SSO identity provider groups to Bigeye groups to streamline onboarding new users.

Pre-requirements:

  • Have the admin role. Only Bigeye admins can map identity provider groups to Bigeye groups.
  • SSO should already be enabled in Bigeye.
  • Identity provider group mapping should already be enabled in Bigeye.
  • Your SSO should have IDP groups enabled and mapped to users internally. If you are using a newer Open ID Connect connection, ensure that your connection is configured to require the "groups" scope. If you are using an older SSO connection based off of Auth0, please reach out to Bigeye to enable groups collection in your connection.

Mapping Groups

To begin mapping identity provider groups to Bigeye groups, select Settings and Groups from the left navigation.

On the groups page, create a new group or edit an existing group and add the identity provider group(s) you would like to associate with the group using the identity provider groups dropdown.

Click save. The identity provider groups you have selected should appear in the corresponding column on the groups page. Users with those identity provider groups should instantly appear in the Bigeye group after mapping is completed.

📘

The IDP Groups list is pre-populated.

Note that the identity provider groups dropdown is pre-populated with a list of the identity provider groups that have been observed for your company’s Bigeye users. These groups will show up approximately 60-90 minutes after you have configured your SSO to return identity provider groups in its identity tokens or if a user has logged out and back in to Bigeye.

Viewing User Identity Provider Group Associations

Users can view the identity provider groups associated with any user or group by reviewing the Identity Provider Groups column on the Users or Groups page.