This article explains how to create users automatically based on their Identity Provider (IdP) group assignment for the Google Security Operations SOAR platform. This feature is only available when one provider is defined.

Before you begin, read through and complete the instructions in Authenticate users using SSO.
The following steps assume you are setting up the IdP group mapping in the Google SecOps SOAR-only platform:

1. Select the IdP group mapping option to open an advanced tab with more parameters. Fill out the parameters according to the fields in the SAML provider you are using.
   - First Name Attribute: Name of the attribute that contains the user's given name. For example, in Google Workspace the attribute is called first name.
   - Last Name Attribute: Name of the attribute that contains the user's family name. For example, in Google Workspace the attribute is called last name.
   - Login ID Attribute: Name of the attribute that contains the user's unique ID. For example, in Google Workspace the attribute is called subject.
   - Email Attribute: Name of the attribute that contains the user's primary email address. For example, in Google Workspace the attribute is called primary email.
   - Group Name Attribute: Name of the attribute that contains the groups to which the user belongs within the organization. For example, in Google Workspace the attribute is called groups.
2. Click add to open the IdP table.
3. Fill out the IdP group mapping table as follows. For each IdP group that you've defined in your SAML provider, you need to assign a SOAR SOC role, a permission group, and an environment or environment group. You can assign both environments and environment groups at the same time. For more information about these fields, see Control Access to platform.
4. When you're finished mapping the IdP groups, click Save.
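A pre-flight check for the mapping described above, as an added example that is not Google's code and does not reproduce the platform's own logic: it reads a test capture of a SAML AttributeStatement and reports which configured attribute names are absent and which IdP groups have no row in the mapping table. The sample assertion, group names, role names, permission groups and environments are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Names typed into the mapping tab (the page's Google Workspace examples).
FIELDS = {
    "First Name Attribute": "first name",
    "Last Name Attribute": "last name",
    "Login ID Attribute": "subject",
    "Email Attribute": "primary email",
    "Group Name Attribute": "groups",
}

# Constructed table rows: IdP group -> (SOC role, permission group, environments).
GROUP_MAPPING = {
    "soc-tier1": ("role-tier1", "pg-analyst", ["env-default"]),
    "soc-admins": ("role-admin", "pg-admin", ["env-default", "env-lab"]),
}

# Constructed test capture: the IdP sends "email", not "primary email",
# and one group ("finance") that has no row in the table.
SAMPLE = f"""<s:AttributeStatement xmlns:s="{SAML}">
  <s:Attribute Name="first name"><s:AttributeValue>Ada</s:AttributeValue></s:Attribute>
  <s:Attribute Name="last name"><s:AttributeValue>Byron</s:AttributeValue></s:Attribute>
  <s:Attribute Name="subject"><s:AttributeValue>aby01</s:AttributeValue></s:Attribute>
  <s:Attribute Name="email"><s:AttributeValue>ada@example.test</s:AttributeValue></s:Attribute>
  <s:Attribute Name="groups"><s:AttributeValue>soc-tier1</s:AttributeValue>
    <s:AttributeValue>finance</s:AttributeValue></s:Attribute>
</s:AttributeStatement>"""

def read_attributes(xml_text):
    """Return {attribute name: [non-empty values]}. No signature validation:
    this only inspects attribute names on a trusted test capture."""
    out = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        values = attr.iter(f"{{{SAML}}}AttributeValue")
        out[attr.get("Name")] = [v.text.strip() for v in values
                                 if v.text and v.text.strip()]
    return out

def preflight(xml_text, fields=FIELDS, mapping=GROUP_MAPPING):
    """Compare one assertion against the configured names and table rows."""
    attrs = read_attributes(xml_text)
    # A field is missing when its configured name is absent or has no value.
    missing = sorted(f for f, name in fields.items() if not attrs.get(name))
    groups = attrs.get(fields["Group Name Attribute"], [])
    return {
        "missing_fields": missing,
        "mapped": {g: mapping[g] for g in groups if g in mapping},
        "unmapped_groups": [g for g in groups if g not in mapping],
    }
```

For the constructed sample, the result flags Email Attribute as missing and finance as an unmapped group.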
Last updated 2025-08-29 UTC.