Table of Contents
Notes
-
Only the following authentication/identity services are currently supported for this feature:
-
Microsoft Entra (Azure) Identity protocol
-
Okta Identity protocol
-
- Permission to use a property must be given to the Ronspot service.
- You may see the property internally but Ronspot may not have permission to access it.
- Only your information technology department can arrange this permission.
-
Only the following properties in Ronspot are currently supported:
-
Group property.
-
-
The mapping is applied only when an employee user logs into Ronspot.
-
If an employee’s property value changes, in the connected identity service, the only absorbed in Ronspot when they next log into Ronspot.
-
-
The mapping only goes from Identity service to Ronspot, not vice versa.
Pre-Create Groups in Ronspot
- Create and configure groups in
Group Settingsbefore creating the mapping described in the next sections. - The groups should be named to align with the Identity property values what will come from your company’s Identity tenant.
- For example, if an employee has “Marketing” in their “Department” property then they will be automatically assigned into the “Marketing” group, when they log in next.
- If a group does not exist then they will be assigned to the default assigned group, if that is not set then the employee will have no group assigned.
Map Single Identity Property to Ronspot property
Step 1: Access User Authentication Settings
- Log in to the Ronspot admin panel.
- In the sidebar menu on the left, click on
Advanced Settings. - Under
Advanced Settings, selectUser Authentication.
Step 2: Manage Authentication Methods for a Domain
- Click on the icon representing the Single Sign On authentication protocol and the domain you want to configure.
Step 3: Add New Mapping
- In the Property mapping for Single Sign On section, click
Add new mapping.
Step 4: Configure the Mapping
Identity property: Enter the exact name of the Identity property (1) in your Identity service, this is case sensitive (e.g. “Department”).RONSPOT property: Choose an item in the RONSPOT property dropdown (2).Active: Set Active (3) to Yes.- Click
Save(4) on the dialog, this inserts the mapping into the previous view at (6).- Optionally, click
Cancel(5) to abandon any changes.
- Optionally, click
- Click
Save(7) on the page view.- Optionally, click
Cancel(8) to abandon any changes. - At this point, as your employees start fresh logins to Ronspot, they will be assigned to the configured group automatically.
- Optionally, click
Map Multiple Identity Values Into a Single Ronspot Group
Notes:
- This only works with a mapping into the Ronspot group.
- This scenario is useful when, for example, you want to assign multiple departments into a single business unit group within Ronspot.
Step 1: Verify Identify Property Mapping
- Ensure the appropriate Identity field is mapped to the Ronspot Group, see the steps in the previous section.
Step 2: Navigate to 'Group Settings'
- In the sidebar menu on the left, click on Group Settings.
Step 3: Edit the Targeted Group
- Click the
Editicon for the target group, e.g. a group named “Product Business Unit”.
Step 4: Edit the 'Identity Property Matching Values”'
- Click the
Editbutton to the right of theIdentity property matching values.
Step 5: Add Property Values
- Type in a property value in (1) that you want matched against the Identity property values set up in the previous section (mapped to “RONSPOT Group” only)
- Click the
Add to listbutton (2) to add it to the list on the right (3).- Repeat the same steps for other values that you want matched.
- Optionally, click an item in (3) and click
Remove selected(4) to remove a value.
- Click
Confirm(5) to save the values to the previous form.
Step 6: Save the Group Configuration
- Click
Save(8) to save the configuration.
Repeat for other groups from step 3. In the example screenshot above, if an employee logs into Ronspot and their “Department” identity property value is “Engineering” or “Support”, they will be automatically assigned to the “Product Business Unit” group in the company account.
Rules:
- You cannot create more than one group with the same name.
- A single value in the “Identity property matching values” list cannot be the same name as an existing group.
- A single value in the “Identity property matching values” list cannot be the same name as a value in the “Identity property matching values” of another group.
Advanced Identity Property Mapping
Use the steps in the previous sections to configure Ronspot for the scenarios below.
- If you have more than one domain in your company account and you want to map subsets of people from either domain into the same named group.
- For example, you could map the people in the “Support” department from the abc.com domain and the “Engineering” department in the xyz.com domain into a group named “Product” in Ronspot.
- The names of identity properties can be different in each domain.
- We support the above in conjunction with the “Identity property matching values” configured in each group.
- For example, you could map the people in the “Support” and “Engineering” departments from the abc.com domain and the “Engineering” “section” (identity name) in the xyz.com domain into a group named “Product” in Ronspot.
Notes:
- The assignment only happens at login time because this is the only time that Ronspot queries the Identity property values from the configured Single Sign On service.
- When an employee moves departments then they will only be reassigned to the new department group in Ronspot the next time they login into the service. In the app, the employee won’t see the change until they log out of the app and log in again.