Skip to main content
Language Selector

  1. Other Languages

    (machine translation)

Planview Customer Success Center

How do I set up SSO for my IdP system?

  1. Last updated
  2. Save as PDF

Last Updated:   |  Applicable Viz Versions: All

Answer

If you have already implemented Single Sign-On (SSO) for Viz, SSO for your Identity Provider (IdP) can be configured to manage user roles exclusively in your IdP system. Once configured, user roles will be communicated via SAML response attributes, enabling Viz to dynamically adjust the user interface and permissions upon each login.

Note: Once SSO for IdP is enabled, the 'Add new role,' 'Remove role,' and 'Bulk update' options in Viz will be disabled.

Supported User Roles

In your IdP system, you can assign users one or more of the following roles:

  • VizAdmin

  • VizExecutive

  • VizReadOnly

Note: Assigning roles to users in your IdP is entirely optional. If you choose not to assign any specific roles to a user, they will be granted 'Member' access by default.

Step 1: Contact Customer Care

1. If you already have SSO set up for Viz, contact the customer care team to inquire about adding SSO for your IdP system.

2. If you do not have SSO set up for Viz, contact the customer care team and follow the steps listed here to get started. 

Step 2: Configure Roles in your IdP

  1. Assign Roles: In your IdP system, assign users to one or more of the supported user roles (i.e., VizAdmin, VizExecutive, VizReadOnly).

  2. Prepare SAML Response: Ensure that the SAML response includes the assigned roles in the following attribute: <http://schemas.xmlsoap.org/claims/roles>

Step 3: Prepare SAML Response

When preparing the SAML response, ensure that the roles are embedded within the <http://schemas.xmlsoap.org/claims/roles> attribute. This attribute will be mapped to our internal role management system.