Manage Organization Mapping for Federated Authentication

When you map organizations to your Identity Provider, Atlas grants users who authenticate through the IdP membership in the selected organizations. You can give these users a default role in the mapped organizations. Organization mapping lets you configure a single IdP to grant users access to multiple Atlas organizations.

You can apply the same IdP to multiple organizations, but you can assign each organization only a single IdP.

Prerequisites

To complete this tutorial, you must have already linked an IdP to Atlas and mapped one or more domains to that IdP. For instructions on these procedures, see:

Federation Management Access

You can manage federated authentication from the Federation Management Console. You can access the console as long as you are an Organization Owner in one or more organizations that are delegating federation settings to the instance.

Map an Organization to your Identity Provider

Open the Federation Management Console

  1. Log in to Atlas.
  2. From the Context dropdown in the left navigation, select the organization for which you want to manage federation settings.
  3. Click Settings in the left navigation.
  4. In Manage Federation Settings, click Visit Federation Management App.

Connect an Organization to the Federation Application

  1. Click View Organizations.

    Atlas displays all organizations where you are an Organization Owner.

    Organizations that are not already connected to the Federation Application have a Connect button in the Actions column.

  2. Click the desired organization’s Connect button.

After you connect the organization to the Federation Application, apply an IdP to the organization.

Apply an Identity Provider to the Organization

From the Organizations screen in the management console:

  1. Click the Name of the organization you want to map to an IdP.

  2. On the Identity Provider screen, click Apply Identity Provider.

    Atlas directs you to the Identity Providers screen which shows all IdPs you have linked to Atlas.

  3. For the IdP you want to apply to the organization, click Modify.

  4. At the bottom of the Edit Identity Provider form, select the organizations to which this IdP applies.

  5. Click Next.

  6. Click Finish.

Verify the Connection between your Organization and your IdP

  1. Click Organizations in the left navigation.
  2. In the list of Organizations, ensure that your desired organization(s) now have the expected Identity Provider.

Select a Default User Role for the Organization

You can have Atlas grant users who authenticate through the IdP a default role in a mapped organization. You can select different roles for different organizations.

Note

The selected role only applies to users who authenticate through the IdP if they do not already have a role in the organization.

Procedure

  1. In the Federation Management Console, click Organizations in the left navigation.
  2. Click the Name of the organization for which you want to assign default permissions.
  3. In the Default User Role dropdown, select the desired role. To remove a default user role, click the times circle icon next to the dropdown.
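
The following Python check is an added example, not part of the Atlas documentation: it reviews exported organization mappings for default roles that are too broad to hand to every federated user, and lists which organizations each IdP grants membership in. The record layout (`orgId`, `identityProviderId`, `postAuthRoleGrants`), the role names, and the function names are assumptions, and the sample records are constructed.

```python
"""Review federation organization mappings (added example)."""
from collections import defaultdict

# Assumed role names; treated here as too broad to grant as a default role.
BROAD_ROLES = {"ORG_OWNER", "ORG_GROUP_CREATOR", "ORG_BILLING_ADMIN"}

# Constructed sample records. IDs are placeholders; field names are assumptions
# about how a connected-organization export is shaped.
SAMPLE_CONFIGS = [
    {"orgId": "org-prod-placeholder", "identityProviderId": "idp-1",
     "postAuthRoleGrants": ["ORG_OWNER"]},
    {"orgId": "org-dev-placeholder", "identityProviderId": "idp-1",
     "postAuthRoleGrants": ["ORG_MEMBER"]},
    {"orgId": "org-lab-placeholder", "identityProviderId": None,
     "postAuthRoleGrants": ["ORG_READ_ONLY"]},
    {"orgId": "org-fin-placeholder", "identityProviderId": "idp-2",
     "postAuthRoleGrants": []},
]


def audit_org_mappings(configs):
    """Return (org_id, finding) tuples for mappings that need review."""
    findings = []
    for cfg in configs:
        org = cfg["orgId"]
        roles = set(cfg.get("postAuthRoleGrants") or [])
        # Connected to the Federation Application, but the IdP step was skipped.
        if not cfg.get("identityProviderId"):
            findings.append((org, "connected but no IdP applied"))
        # The default role reaches every IdP user who has no existing role.
        for role in sorted(roles & BROAD_ROLES):
            findings.append((org, f"default role {role} goes to every "
                                  "IdP user without an existing role"))
    return findings


def orgs_by_idp(configs):
    """Map each IdP to the organizations it grants membership in."""
    reach = defaultdict(list)
    for cfg in configs:
        if cfg.get("identityProviderId"):
            reach[cfg["identityProviderId"]].append(cfg["orgId"])
    return {idp: sorted(orgs) for idp, orgs in reach.items()}


if __name__ == "__main__":
    for org, finding in audit_org_mappings(SAMPLE_CONFIGS):
        print(f"[review] {org}: {finding}")
    for idp, orgs in orgs_by_idp(SAMPLE_CONFIGS).items():
        print(f"[reach] {idp}: {', '.join(orgs)}")
```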

Change an Organization’s Mapped Identity Provider

Reconfigure your IdP to change the organizations to which it’s mapped.

Unmap the Current Identity Provider

  1. Click Organizations in the left navigation.
  2. Click the Identity Provider of the organization whose IdP you wish to change.
  3. Click Modify for the IdP which is currently mapped to the organization.
  4. At the bottom of the Edit Identity Provider form, deselect the organization.
  5. Click Next.
  6. Click Finish.

Map the New Identity Provider

  1. Click Modify for the IdP you want to map to the organization.
  2. At the bottom of the Edit Identity Provider form, select the organization.
  3. Click Next.
  4. Click Finish.

Disconnect an Organization from the Federation Application

When you disconnect an organization from the Federation Application, Atlas no longer grants membership or a default organization role to users who authenticate through the IdP.

From the Federation Management Console:

  1. Click View Organizations.
  2. Open the Actions dropdown for the organization you want to disconnect.
  3. Click Disconnect.
  4. Click Confirm.