Setting up group permissions in your LibAuth configuration

With group permissions, you can further restrict access to only certain groups of users. For example, you could create a group that applies to only faculty users. When you apply that group to a category of spaces, then only faculty would be able to book those spaces. You can currently create group permissions for the following authentication types:

  • SAML
  • Shibboleth
  • ADFS
  • CAS
  • SIP2

Each group you create can check one or more attributes from your authentication system. If a user meets one of the allowed values, then authentication will be successful.

Getting there

  1. From the LibApps Dashboard, go to Admin > LibAuth Authentication.
  2. Click on the Edit () icon in the Action column for the configuration you want to manage.
  3. Click on the Group Permissions tab.

Editing a LibAuth configuration

Clicking the Group Permissions tab

Adding a group

  1. Click on the Add Group button.
  2. Give your group a descriptive name.
  3. Enter the name of the first attribute you want to check against. Your IT staff can provide you with the name of specific attributes in your authentication system.
  4. Enter one or more acceptable values for that attribute (one per line). Again, your IT staff can provide you with the names of allowed values for a particular attribute.
    1. Alternatively, click on the Select CSV button to upload a CSV file containing the allowed values. This CSV file should contain a single column, with one value per line.
    2. You can also specify the URL of a hosted CSV file, instead of uploading it. 
  5. To add additional attributes to this rule, click the Add Attribute button and repeat Steps 3-4.
    • Remember: for authentication to be successful, a user just has to match an allowed value for any one of the attributes.
  6. Save your changes.

Screenshot of the Add Group button

Adding new group permissions 

Managing groups

  1. To verify that your group is working as expected, click on the Test Group button.
    • You will then be prompted to sign into your authentication system.
    • Once you're signed in, you'll be presented with debug info confirming whether or not you met the group requirement.
  2. To modify your group's configuration, click on the Edit Group button.
  3. To permanently remove a group, click on the Delete Group button.

Example of options for managing a group 

Related Articles