Multiple groups support in SAML SSO

Transact supports multi-group functionality with SAML SSO. You can map SSO groups to the groups provided with Transact, which correspond to the following roles:

  • Ephesoft-SystemAdministrator: Super Admin

  • Ephesoft-Administrator: Admin

  • Ephesoft-User: Operator

If you need additional Transact groups, define them in the Transact database.

To configure this support, follow these steps.

  1. Modify the web.xml file, which is located in <Transact Installation Folder>\Application\WEB-INF\. Change the following items:
    1. Change authenticationType to 2 as shown:
      <context-param>
         <param-name>authenticationType</param-name>
         <param-value>2</param-value>
      </context-param>
    2. Uncomment and set the isMultipleGroupsAllowed parameter to true as shown:
      <init-param>
         <param-name>isMultipleGroupsAllows</param-name>
         <param-value>TRUE</param-value>
      </init-param>

      Transact refers to this parameter first to handle all possible multi-group cases.

    3. Uncomment and define AdminGroups and OperatorGroups parameters. Specify the required groups as configured in the database.

      These parameters are used to identify any Admin and Operator groups present in the incoming request. The privileges of all matched groups are applied to the user.

      <init-param>
         <param-name>AdminGroups</param-name>
         <param-value>Ephesoft-Administrator,Ephesoft-Administrator-Two</param-value>
      </init-param>
      <init-param>
         <param-name>OperatorGroups</param-name>
         <param-value>Ephesoft-User,Ephesoft-User-Two</param-value>
      </init-param>
    4. Uncomment and define groupNameDelimiter.
      <init-param>
         <param-name>groupNameDelimiter</param-name>
         <param-value>,</param-value>
      </init-param>
    5. Save the file.
  2. Define Super Admin groups in the application.properties file that is located in <Transact Installation Folder>\Application\WEB-INF\classes\META-INF.

    Change the user.super_admin property to the group you want to use as the Super Admin as shown:

    user.super_admin=EPHESOFT-SYSTEMADMINISTRATOR

    If you have several Super Admin groups, separate them with double semicolons as shown:

    user.super_admin=EPHESOFT-SYSTEMADMINISTRATOR;;INFOR-SUPERADMINISTRATOR
  3. If you need to change access for any group, use Access Manager. See Access to specific screen and batch classes.
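
A review of the settings from steps 1 and 2, as an added example that is not Ephesoft code: it reads web.xml and application.properties text, reports which groups end up in each role, and flags parameters that are still commented out, padded group names, and groups listed as both Admin and Operator. The function names `read_params` and `audit` are hypothetical, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on this page's fragments (not a real deployment).
WEB_XML = """<web-app>
 <context-param><param-name>authenticationType</param-name><param-value>2</param-value></context-param>
 <filter>
  <init-param><param-name>isMultipleGroupsAllows</param-name><param-value>TRUE</param-value></init-param>
  <init-param><param-name>AdminGroups</param-name><param-value>Ephesoft-Administrator,Ephesoft-User-Two</param-value></init-param>
  <init-param><param-name>OperatorGroups</param-name><param-value>Ephesoft-User, Ephesoft-User-Two</param-value></init-param>
  <init-param><param-name>groupNameDelimiter</param-name><param-value>,</param-value></init-param>
 </filter>
</web-app>"""
PROPERTIES = "user.super_admin=EPHESOFT-SYSTEMADMINISTRATOR;;INFOR-SUPERADMINISTRATOR\n"

def read_params(xml_text):
    """Collect param-name/param-value pairs; commented-out blocks are not parsed."""
    params = {}
    for el in ET.fromstring(xml_text).iter():
        kids = {c.tag.split("}")[-1]: (c.text or "") for c in el}
        if "param-name" in kids:
            params[kids["param-name"].strip()] = kids.get("param-value", "")
    return params

def audit(xml_text, properties_text):
    """Return (role -> groups, findings) for a review of the multi-group settings."""
    p, findings, roles = read_params(xml_text), [], {}
    if p.get("authenticationType", "").strip() != "2":
        findings.append("authenticationType is not 2")
    # The page spells this parameter two ways, so accept either spelling.
    multi = p.get("isMultipleGroupsAllowed", p.get("isMultipleGroupsAllows", ""))
    if multi.strip().lower() != "true":
        findings.append("multiple-groups parameter missing or not true")
    delim = p.get("groupNameDelimiter", "")
    if not delim:
        findings.append("groupNameDelimiter missing")
    for key in ("AdminGroups", "OperatorGroups"):
        names = p.get(key, "").split(delim) if delim and p.get(key) else []
        # Whether Transact trims entries is not stated on the page, so flag them.
        findings += [f"{key}: entry {n!r} is empty or padded" for n in names if n != n.strip() or not n]
        roles[key] = [n.strip() for n in names if n.strip()]
        if not roles[key]:
            findings.append(f"{key} missing or empty")
    both = sorted(set(roles["AdminGroups"]) & set(roles["OperatorGroups"]))
    findings += [f"{g} is listed as both Admin and Operator" for g in both]
    roles["SuperAdmin"] = [s.strip() for line in properties_text.splitlines()
                           if line.strip().startswith("user.super_admin=")
                           for s in line.split("=", 1)[1].split(";;") if s.strip()]
    if not roles["SuperAdmin"]:
        findings.append("user.super_admin not set")
    return roles, findings

if __name__ == "__main__":
    roles, findings = audit(WEB_XML, PROPERTIES)
    print(roles, *findings, sep="\n")
```

Run it against the saved files before restarting Transact, and review any group that appears under more than one role in Access Manager.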