The specified roles are assigned if external role synchronization is deactivated (default roles).
If no roles are specified, the role iTZ_Ext_Auth_User is assigned.
If external role synchronization is activated, the default roles are only assigned if no mapping criteria could be applied (fallback roles).
It is possible to define a ruleset to add roles for external Simplifier users. The rules work with the profile attributes returned by the external authentication mechanism.
| Symbol | Name | Description |
| ∃ | Profile Attribute exists | The profile attribute for the provided name was returned by the external authentication system |
| ∄ | Profile Attribute does not exist | The profile attribute for the provided name was not returned by the external authentication system |
| = | Equals | The profile attribute value for the provided name equals the provided value to check against |
| ≠ | Not equal | The profile attribute value for the provided name does not the provided value to check against |
| > | Greater | The profile attribute value for the provided name is greater than the provided value to check against |
| ≥ | Greater or equal | The profile attribute value for the provided name is greater or equal than the provided value to check against |
| < | Lower | The profile attribute value for the provided name is lower than the provided value to check against |
| ≤ | Lower or equal | The profile attribute value for the provided name is lower or equal than the provided value to check against |
| ⊃ | Contains | The profile attribute value for the provided name contains than the provided value to check against
Contains does not mean, Equal! Equality will not match. |
| ⊅ | Does not contain | The profile attribute value for the provided name contains than the provided value to check against
Contains does not mean, Equal! Equality will not match. |
| ⊃ Key | Key exists | The profile attribute value for the provided name is an object/array and has the provided value as key |
| ⊅ Key | Key does not exist | The profile attribute value for the provided name is an object/array and does not have the provided value as key |
| ⊃ Value | Value exists | The profile attribute value for the provided name is an object/array and has the provided value as value |
| ⊅ Value | Value does not exist | The profile attribute value for the provided name is an object/array and does not have the provided value as value |
Example Active Directory Group
In this Example the User should be assigned to a Active Directory Group named _grp_Simplifier and only users that assigned to this group should be able to use Simplifier.
