Improved support for SSO roles and access control

We’ve made some improvements to the SAML SSO implementation to allow passing roles through SAML attributes and enforcing the presence of a valid role.

Previously, passing application roles from the Identity Provider to DMARCwise was only possible/documented when using Microsoft Entra ID.

Now it’s possible to use the custom SAML response attribute named urn:dmarwise:role to pass a role. DMARCwise will automatically assign and synchronize the role when the user logs in to DMARCwise with SSO.

In addition to this, it’s now possible to require the presence of a valid role attribute for every login. This is useful when using Identity Providers that don’t have an easy way to restrict who can use applications out of the box (e.g. Keycloak): users without a valid role attribute won’t be able to log in to DMARCwise when the option is enabled.

To learn more about roles and access control, read the updated SSO documentation page.

You can also refer to the updated Keycloak setup guide.