Planned Backwards Compatibility Changes
- Updated on 22 Jul 2019
- 1 minute to read
|Change||Reference ID||Backwards compatible until|
|Mambu-SSO Role Mapping on User Provisioning||TCS-83||June 21st, 2019|
Mambu-SSO Role Mapping on User Provisioning
Starting with V9, you can assign a Role to a newly provisioned user directly from the SSO, as long as the setup and the Mambu-SSO Role Mapping is done correctly. We are still keeping the option to manage Role assignments from Mambu UI and API as well, for a while.
As our mission is to make it easier to manage users and their roles from one point only, we encourage you to manage Users and Roles from your IdP of choice and kindly request you to create the Mambu-SSO Role Mapping by July 2019.
Workaround necessary in specific use cases
Until July 2019, as we want to make sure you have proper access to Mambu even if setup for Federated Authentication was done before V9 and the mapping of Roles is not yet done, keeping backwards compatibility is posing a minor stepback for the following use case:
- You first assign a Role to a user from the IdP
- When you remove that role, the user is left without an assigned Role in the IdP, and therefore
- The user will still have the same Mambu Access as before.
As a workaround, please create a "No Access" Role - to use for cases in which you want to remove the access of a user from the Mambu Platform temporarily.
If we were not to allow access to the Mambu platform without receiving a RoleID in the response, users without a Role assigned in the IdP would have instantly lost access to the platform, when V9 was released.
Please go to the respective support page to read more on Mambu-SSO Role Mapping on User Provisioning.
Please see the original email campaign on this topic here.
|Reference ID||Deployment date||Deployment version||Backwards compatible until||Impacted Area(s)||Tenant action required|
|TCS-83||January 20th, 2019 on Production||V9||July 31st, 2019||User Authentication||Potential|