With Altamira HRM you can enable group synchronization when using single sign-on. With group synchronization enabled, Altamira HRM reads each user's groups from the SAML claim named in the Name of the claim containing the users groups setting. Together with self provisioning, this allows IT administrators to centrally manage users and permissions: once a user has been created at the identity provider they will be able to access Altamira HRM directly with no further configuration.
Group synchronization is optional: if you do not configure group synchronization then you can use Altamira local groups to establish group membership.
To enable group synchronization you need to:
- check the Synchronize groups checkbox in the SAML configuration
- type the full name of the claim in the Name of the claim containing the users groups field
You must then configure your identity provider to send group claims in the SAML response. This varies from provider to provider: you can find instructions on how to do this for Microsoft 365 and Microsoft Windows ADFS.
If you configure your IdP to send Group IDs (this is recommended, so that changing the name of a group in your IdP will not affect Altamira) then you can import group names from your IdP.
To do this:
- in the SAML configuration click on Actions\Import groups
- Click on Download template to download an Excel file to use as a template for importing group names
- Extract the group IDs/group names from your IdP and put them in the Excel file using the format provided
- Click on Choose file to upload the group IDs/group names file into Altamira HRM
- Click on Import
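Before relying on group synchronization, it helps to confirm that the IdP really sends the groups claim under the full name typed into the SAML configuration, and that it sends IDs rather than display names. The following is an added example, not part of Altamira HRM: it inspects a captured base64 `SAMLResponse`, does not verify the signature, and assumes the Microsoft groups claim URI and GUID-style group IDs (adjust both for your IdP).

```python
import base64
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: group IDs are GUIDs, as with Microsoft 365 object IDs.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumption: claim name used by Microsoft IdPs; use the value you typed in Altamira HRM.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample response (unsigned, for illustration only).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>HR Managers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def group_claim_values(saml_response_b64, claim_name):
    """Return every value of the attribute whose Name equals claim_name exactly."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == claim_name:  # full-name match, as the setting requires
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((value.text or "").strip())
    return values


def check_group_claim(saml_response_b64, claim_name):
    """Report whether the claim is present and which values are not group IDs."""
    values = group_claim_values(saml_response_b64, claim_name)
    return {
        "present": bool(values),
        "groups": values,
        # Display names here mean a rename in the IdP would change the claim value.
        "not_group_ids": [v for v in values if not GUID_RE.match(v)],
    }


if __name__ == "__main__":
    print(check_group_claim(SAMPLE_B64, GROUPS_CLAIM))
```

An empty result for a user who does belong to groups usually means the configured claim name does not match the attribute `Name` in the response exactly.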