SAP Knowledge Base Article - Public

3600485 - SAP Signavio groups not updating when using SSO

Symptom

For a Signavio Workspace, Single Sign-On (SSO) has been enabled.
Users are able to log in via SSO.

However, the Signavio Groups that have been implemented on the IdP side are not being copied to Signavio.
Signavio Groups are implemented by configuring the IdP to send the signavio_groups_v1 attribute.

Cause

Just-In-Time (JIT) provisioning has not been enabled on the Signavio Workspace.

When JIT is enabled, it will, among other actions, use the signavio_groups_v1 attribute contained in the SAML assertion passed from the IdP.
If JIT is not turned on, the signavio_groups_v1 attribute is ignored.

Resolution

Turn on Just-In-Time (JIT) provisioning for the Signavio Workspace.

  1. In the explorer, click Setup > Manage SAP Signavio Process Collaboration Hub authentication.
  2. To enable just-in-time provisioning using SAML, select Create new user accounts automatically.
    This option also means that the signavio_groups_v1 attribute will be used when it is passed in the SAML assertion from the IdP.
  3. Confirm with Save settings and close the dialog.
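
Enabling JIT only has an effect if the IdP actually sends signavio_groups_v1. The following added example (not SAP code) checks a captured, base64-encoded SAMLResponse from the HTTP POST binding for that attribute; the sample response, the email attribute and the group values are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_ATTR = "signavio_groups_v1"  # attribute name taken from this article


def groups_in_saml_response(b64_response):
    """Return the signavio_groups_v1 values, or None if the attribute is absent.

    Diagnostic only: the signature is NOT verified, so never use the result
    for an access decision.
    """
    xml_bytes = base64.b64decode(b64_response)
    # Refuse DTDs so a captured blob cannot drive entity expansion in the parser.
    if re.search(rb"<!DOCTYPE|<!ENTITY", xml_bytes, re.I):
        raise ValueError("DTD/entity declarations are not allowed in SAML input")
    root = ET.fromstring(xml_bytes)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes cannot be inspected")
    values = None
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == GROUPS_ATTR:
            values = values or []
            for v in attr.iterfind("saml:AttributeValue", NS):
                values.append((v.text or "").strip())
    return values


def diagnose(b64_response):
    groups = groups_in_saml_response(b64_response)
    if groups is None:
        return "attribute missing: check the IdP attribute configuration"
    return "attribute present (%d value(s)): check that JIT is enabled" % len(groups)


def sample_response(with_groups):
    """Constructed SAMLResponse; group values are placeholders."""
    groups = ('<saml:Attribute Name="signavio_groups_v1">'
              '<saml:AttributeValue>example-group-1</saml:AttributeValue>'
              '<saml:AttributeValue>example-group-2</saml:AttributeValue>'
              '</saml:Attribute>') if with_groups else ""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:AttributeStatement><saml:Attribute Name="email">'
           '<saml:AttributeValue>user@example.com</saml:AttributeValue>'
           '</saml:Attribute>' + groups +
           '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

If the attribute is present and groups are still not updated, the JIT setting above is the place to look; if it is missing, the IdP configuration needs attention first.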

See Also

Single Sign-on Using SAML > Enable SSO Using SAML | SAP Help Portal

Keywords

KBA, BPI-SIG-CA-SEC, Workspace Security for SAP Signavio Transformation Suite, Problem

Product

SAP Signavio Process Manager all versions