Planned Backwards Compatibility Changes

Overview

Mambu-SSO Role Mapping on User Provisioning

Description

Starting with V9, you can assign a Role to a newly provisioned user directly from the SSO, as long as the setup and the Mambu-SSO Role Mapping is done correctly. We are still keeping the option to manage Role assignments from Mambu UI and API as well, for a while.

As our mission is to make it easier to manage users and their roles from one point only, we encourage you to manage Users and Roles from your IdP of choice and kindly request you to create the Mambu-SSO Role Mapping by July 2019.

Workaround necessary in specific use cases
Until July 2019, as we want to make sure you have proper access to Mambu even if setup for Federated Authentication was done before V9 and the mapping of Roles is not yet done, keeping backwards compatibility is posing a minor stepback for the following use case:

• You first assign a Role to a user from the IdP
• When you remove that role, the user is left without an assigned Role in the IdP, and therefore
• The user will still have the same Mambu Access as before.

As a workaround, please create a "No Access" Role - to use for cases in which you want to remove the access of a user from the Mambu Platform temporarily.

If we were not to allow access to the Mambu platform without receiving a RoleID in the response, users without a Role assigned in the IdP would have instantly lost access to the platform, when V9 was released.

Please go to the respective support page to read more on Mambu-SSO Role Mapping on User Provisioning.

Please see the original email campaign on this topic here.