You can set up multiple roles for use with Single Sign-On. These roles each have a set of permissions which will be granted to people when they log in.

When SSO is first configured, a "default" role is created. This is used if the identity provider does not specify a role, or if a matching role could not be found.

Supply the name of the role using the  role  attribute in the SAML configuration.

The provided values should match the role names which you have set up. If your SAML identity provider sends multiple role values, the first matching role name (in alphabetical order) will be used.

Create additional roles using the Add Role button. Enter the name for the role, choose some permissions, and then save.

Edit a role by clicking the role, changing the permissions in the popup, and then click the Save Changes button.

You can delete a role by clicking on the role and then clicking the Delete Role button. The default role cannot be deleted.