Creating Automated Roles with MyAccess

Once you have enabled the MyAccess sign-on, you can create roles based on information in MyAccess.

The simplest way to create roles is with the person's email.

Create the Role

    1. Create the role you want to assign at
    2. Note the role number. You can see the role number in the URL if you edit the role.

Where to add rules

    1. Go to
    2. Go to the Add Automatic role population from simpleSAMLphp attributes field

Assigning a role to one person

Let's say you want to assign Jane Doe (email of the role of an admin (role number 16) when she logs in with MyAccess. Add the following rule to the Add Automatic roles from simpleSAMLphp attributes field:


Assigning the UCSF role (26) to everyone with a similar email

If you want to add everyone with an email that ends with to the UCSF role, add the following rule.


The above rule would add access to everyone with a email address.

To add all UCSF and medical center emails to the UCSF role (26), use the following rule:


Note that the examples above might not match the numeric values of roles on your site.

Syntax Tips

    Function    What it does
    |           inserts an "or" statement
    @           exact match
    @=          like match

Basic Syntax


Code Example:


English Translation:

Assign Role 26 if the email is like