Question

Regarding SAML JIT group provisioning, can you please clarify system behaviour:

- when are existing members cleared from a group?

- will SSO users remain in groups where no claim is presented?

- is it possible to revert a group to manual management?

  • November 24, 2022

Same questions expanded:

- after the first SSO user presents a claim for a group, are all existing group members removed at once?

- will SSO users remain members of groups where no claim has been presented?

- to revert to manual management of a group, is it enough to stop presenting that group as a SAML claim? i.e. can we immediately populate groups manually again, or some other action required first?

2 replies

Hi Rohan,

Thank you for reaching out! Did you have time to check the below documentation regarding your questions:

- https://docs.celonis.com/en/automated-user-and-group-provisioning.html
- https://docs.celonis.com/en/team-settings-release-notes.html#UUID-c424cc99-f14b-606b-a3f5-eb6733cbabb8
- https://docs.celonis.com/en/user-locking-policy.html

Please reach out by creating a case if you have any further questions.

Best regards,
Rrezarta

  • Author
  • Level 1
  • December 2, 2022

Thanks, I did not see the Team Settings Release Notes previously.

The documentation implies that groups are matched with the SAML claim name, so that existing groups will become "managed", and non-existing groups will be created. From that, I understand that SSO users will remain in a Celonis group, as long as no other user presents a claim for that group.

What is not explicit is if the SAML <-> Celonis groups are matched only by text name, and if I can therefore simply rename the Celonis group to quickly enable/disable SAML JIT management of that group.

The goal is to know if I can incrementally apply and roll-back SAML JIT management myself, or if I will need assistance from Celonis.