IdP Integration: Adding Mappers
Dynamo AI's authentication system, Keycloak, can integrate with many OIDC- and SAML-based external Identity Providers (IdPs). This lets enterprises use their existing authentication systems to access the DynamoAI application without having to onboard users onto Keycloak.
To access the DynamoAI application, an onboarded user must have a set of default roles that the application needs in order to function. This guide explains how to set up mappers that assign a default set of roles to all users onboarded via an external IdP.
Pre-Requisite
An External IdP Integration Setup within Keycloak.
Setup Process:
Why are Mappers needed?
For users to function correctly in DynamoAI, all users must be:
- Assigned to at least one organizational-level role
- Part of the all users group
However, when first logging in to DynamoAI via your external IdP, users won't have these roles or be part of the all users group. This can be resolved by using Mappers in the IdP.
Add Mappers
Create the following mappers in DynamoAI's Keycloak:
- ORG LEVEL ROLE - role:org:dynamoeval:developer
Attribute | Value |
---|---|
Name | role:org:dynamoeval:developer |
Mapper Type | Hardcoded Role |
Sync Mode Override | Inherit |
Select Role | org:dynamoeval:developer |
This Mapper ensures that when the user logs in for the first time, they get assigned the org:dynamoeval:developer role in DynamoAI. The roles can further be altered using the Organization Management Dashboard.
- ALL USERS GROUP - group:all-users
Attribute | Value |
---|---|
Name | group:all-users |
Mapper Type | Hardcoded Group |
Sync Mode Override | Inherit |
Select Role | all-users |
This Mapper ensures that the user is added to the all users group, so that the public sharing of the resource can function.
This is what the final mappers list should look like:
Note
You can configure additional org level roles, such as for dynamoguard, based on your organization's requirements. This flexibility allows you to tailor the role assignments to better fit your enterprise's needs.
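The following Python check is an added example, not part of Dynamo AI's documentation. It audits an IdP's mapper list, in the JSON shape that Keycloak's Admin REST API returns for a provider's mappers, against the two mappers described above. Because a hardcoded mapper applies to every user who logs in through that IdP, any other hardcoded grant is reported unless it is explicitly allowed. The mapper type IDs and config keys are assumptions to confirm against an export from your own Keycloak, and the sample data, including the role `example:extra-role`, is constructed.

```python
import json

# Keycloak IdP mapper type IDs (assumed; confirm against your own export).
ROLE_MAPPER = "oidc-hardcoded-role-idp-mapper"
GROUP_MAPPER = "oidc-hardcoded-group-idp-mapper"
# Grants this guide requires for every user arriving via the external IdP.
REQUIRED = {(ROLE_MAPPER, "org:dynamoeval:developer"), (GROUP_MAPPER, "all-users")}

def grant_of(mapper):
    """Return (mapper type, granted role or group) for hardcoded mappers, else None."""
    kind = mapper.get("identityProviderMapper")
    config = mapper.get("config", {})
    if kind == ROLE_MAPPER:
        return kind, config.get("role", "")
    if kind == GROUP_MAPPER:
        # Groups are stored as paths; the guide names the group without the slash.
        return kind, config.get("group", "").lstrip("/")
    return None

def audit_mappers(mappers, allowed_extra=frozenset()):
    """List deviations from the two required mappers; an empty list means compliant."""
    grants = {}
    for m in mappers:
        grant = grant_of(m)
        if grant:
            grants[grant] = m
    findings = [f"missing: {k} -> {t}" for k, t in sorted(REQUIRED - set(grants))]
    for (kind, target), m in sorted(grants.items(), key=lambda kv: kv[0]):
        mode = m.get("config", {}).get("syncMode")
        if (kind, target) in REQUIRED and mode != "INHERIT":
            findings.append(f"sync mode {mode!r} on {m.get('name')}, expected INHERIT")
        if (kind, target) not in REQUIRED and target not in allowed_extra:
            findings.append(f"unexpected grant to all IdP users: {kind} -> {target}")
    return findings

# Constructed sample: one correct mapper, one wrong sync mode, one extra role grant.
SAMPLE = json.loads("""[
  {"name": "role:org:dynamoeval:developer", "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
   "config": {"syncMode": "INHERIT", "role": "org:dynamoeval:developer"}},
  {"name": "group:all-users", "identityProviderMapper": "oidc-hardcoded-group-idp-mapper",
   "config": {"syncMode": "FORCE", "group": "/all-users"}},
  {"name": "extra", "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
   "config": {"syncMode": "INHERIT", "role": "example:extra-role"}}
]""")

if __name__ == "__main__":
    for finding in audit_mappers(SAMPLE):
        print(finding)
```

Pass any additional org level roles you have deliberately configured in `allowed_extra` so that only unreviewed grants are reported.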