Once you have enabled MyAccess sign-on, you can create roles based on the information MyAccess provides.
The simplest way to create roles is with the person's email.
Create the Role
- Create the role you want to assign at http://mysite.ucsf.edu/admin/people/permissions/roles
- Note the role number. You can see the role number in the URL if you edit the role.
Where to add rules
- Go to http://mysite.ucsf.edu/admin/config/people/simplesamlphp_auth
- Go to the Add Automatic role population from simpleSAMLphp attributes field
Assigning a role to one person
Let's say you want to assign Jane Doe (email firstname.lastname@example.org) the role of admin (role number 16) when she logs in with MyAccess. Add the following rule to the Add Automatic roles from simpleSAMLphp attributes field:
Assigning the UCSF role (26) to everyone with a similar email
If you want to add everyone with an email that ends with ucsf.edu to the UCSF role, add the following rule.
The above rule would grant access to everyone with a ucsf.edu email address.
To add all UCSF and medical center emails to the UCSF role (26), use the following rule:
Note: the examples above might not match the numeric values of roles on your site.
| Function | What it does |
|---|---|
| `\|` | inserts an "or" statement |
Assign Role 26 if the email is like ucsf.edu.
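The rule strings themselves are not shown above, so this added example (not code from this page or from the simplesamlphp_auth module) models how such rules are evaluated and shows that a "like" (substring) rule matches more addresses than a domain rule. It assumes the module's `role:attribute,operator,value` syntax with the `=`, `@=` and `~=` operators and a `mail` attribute; the `medcenter.example` domain and the sample addresses are constructed.

```python
# Added model of the role-rule string; not the simplesamlphp_auth module's code.
# Assumed syntax: "<role>:<attribute>,<operator>,<value>"; "|" separates rules
# (an "or"), ";" separates conditions inside one rule (all must hold).
# Assumed operators: "=" exact, "@=" domain of an address, "~=" substring.

def condition_holds(condition, attributes):
    parts = condition.split(",", 2)
    if len(parts) != 3:
        return False                      # malformed condition grants nothing
    name, op, wanted = parts
    values = attributes.get(name) or []
    if op == "=":
        return wanted in values
    if op == "@=":
        pieces = values[0].split("@") if values else []
        return len(pieces) == 2 and pieces[1] == wanted
    if op == "~=":
        return any(wanted in v for v in values)
    return False                          # unknown operator grants nothing


def roles_for(rule_string, attributes):
    granted = []
    for rule in filter(None, rule_string.split("|")):
        role, _, conditions = rule.partition(":")
        ok = bool(conditions) and all(
            condition_holds(c, attributes) for c in conditions.split(";"))
        if ok and role not in granted:
            granted.append(role)
    return granted


# Constructed rules: role numbers 16 and 26 are the ones used on this page;
# "mail" and "medcenter.example" are placeholders for your site's values.
RULES = ("16:mail,=,firstname.lastname@example.org"
         "|26:mail,@=,ucsf.edu|26:mail,@=,medcenter.example")
DOMAIN_RULE = "26:mail,@=,ucsf.edu"
LIKE_RULE = "26:mail,~=,ucsf.edu"

# Constructed attribute sets, shaped like SAML attributes (name -> list of values).
JANE = {"mail": ["firstname.lastname@example.org"]}
STAFF = {"mail": ["a.person@ucsf.edu"]}
OTHER = {"mail": ["a.person@ucsf.edu.other.example"]}  # different domain

if __name__ == "__main__":
    for who in (JANE, STAFF, OTHER):
        print(who["mail"][0], roles_for(RULES, who),
              "like:", roles_for(LIKE_RULE, who),
              "domain:", roles_for(DOMAIN_RULE, who))
```

Before saving a rule on the site, run both the addresses you expect to match and the ones you expect to miss through the same check, using your site's own role numbers.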