Restorepoint Dynamic Role and Domain Assignment via SAML SSO using Microsoft Azure
Currently in Restorepoint you have have users authenticate via SAML SSO using Microsoft Azure. Per the documentation, [Restorepoint] - How to set up SAML SSO - Microsoft Azure, users are able to authenticate but they cannot log into Restorepoint until an Administrator manually assigns a role to them. Does anybody know of a way to do this currently or is this going to need to be submitted to the Ideas Hub area?
OK, so after playing around for a bit I kind of figured out a hacky work around by adding a groups claim in Azure, screenshot below.
From there, I updated the SAML config in Restorepoint to have the Groups Claim reflect the name groups that was returned.
Then, I had to go into the Users section and add in a mapping with the SAML Groups section for a Group within the Entra ID to a Role and Domain. The thing to keep in mind wen setting this up, you have to get the Name and Object ID exactly as it appears in Azure from the Users and Groups section inside the Enterprise Application. Inside that section, click on the group name that you want to map and it will open a new page. Grab the display name and Object ID and then put that on the Restorepoint side and map it to a Role and Domain. Should work for now until something can be updated for using an actual Role passed back instead, which would be preferred.