Associating Prysm permission groups and identity provider groups
Note: These instructions pertain to Step 3 of the overall identity provider process.
You can use identity provider groups to manage access by specific application. Then you map the identity provider groups to Prysm permission groups. This enables you to easily use identity provider groups to assign specific privileges for Prysm.
Tip: Group mapping is effective only when auto provisioning is enabled. If auto provisioning is disabled, you must manually add users to Permission Groups in Prysm.
Also, note that group mapping is not supported for G Suite and Salesforce.
Also, note that group mapping is not supported for G Suite and Salesforce.
Prysm has two default permission groups with the following capabilities:
- Basic_User: Basic users can use Prysm to collaborate on assets and content.
- Org_Admin: Org Admins can manage licenses, users, groups, and permissions.
To associate your identity provider groups with Prysm permission groups:
-
Create groups in your identity provider. For details, see the following topics:
- ADFS and Azure Active Directory: Groups
- Okta: Groups
- Ping: Identity mapping
- If desired, create new permission groups for your Prysm account (see Permission groups).
- Include the groups when configuring a specific identity provider to work with Prysm (see Step 2 of the overall identity provider process).
- When you associate identity provider groups with Prysm permission groups, when a user signs in to Prysm using their company-issued identity provider credentials, they are granted all of the privileges in their Prysm Permission Group through that sign-in.
- Continue at Step 4 of the overall identity provider process.