Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

LCAM rules have the following structure:

global:
  lcam:
    rules:
      - groupName: "Smartfacts Users"
        claim: "email"
        value:
          - "@"
        groupLicence:
          - "LIC_SMARTFACTS_USER"
        accountName: "Smartfacts Account"
      - groupName: "Account Administrators"
        claim: "email"
        value:
          - "account.administrator@your.domain"
        groupLicence:
          - "LIC_SMARTFACTS_USER"
        accountName: "Smartfacts Account"

  1. Each entry defines a group in Smartfacts. In Smartfacts you can assign different roles and privileges to these groups.

  2. For each group, a claim and one or more values must be stated.

  3. Users are added when at least one of the stated values is part of the token claim value for the user.

  4. The claim can be any claim in the token.

  5. If you want to refer to a claim in the user info request, then write
    - claim: "[userinfo]:<claimName>"

  6. It is possible to state the same group multiple times with different claims.

  7. As soon as at least one claim matches for a user, this user is assigned to the group.

  8. The account name is always "Smartfacts Account".

  9. The group license is always "LIC_SMARTFACTS_USER".

  10. The value of the property “groupName” is used to create the corresponding group in Smartfacts.

  • No labels