Skip to content
  • There are no suggestions because the search field is empty.

How to Map SSO Identity Property to Ronspot Property

This feature allows a company using Single Sign-On to map a property in their Identity service to a property within the Ronspot service. This allows users to be automatically assigned to a same-name entity within our service.


Table of Contents

  1. Notes
  2. Pre-Create Groups in Ronspot
  3. Map Single Identity Property to Ronspot Property
  4. Map Multiple Identity Values Into a Single Ronspot Group
  5. Advanced Identify Property Mapping

 

 

Notes

  • Only the following authentication/identity services are currently supported for this feature:
    • Microsoft Entra (Azure) Identity protocol
    • Okta Identity protocol
  • Permission to use a property must be given to the Ronspot service.
    • You may see the property internally but Ronspot may not have permission to access it.
    • Only your information technology department can arrange this permission.
  • Only the following properties in Ronspot are currently supported:
    • Group property.
  • The mapping is applied only when an employee user logs into Ronspot.
    • If an employee’s property value changes, in the connected identity service, the only absorbed in Ronspot when they next log into Ronspot.
  • The mapping only goes from Identity service to Ronspot, not vice versa.

 

Pre-Create Groups in Ronspot

  • Create and configure groups in Group Settings before creating the mapping described in the next sections. 
  • The groups should be named to align with the Identity property values what will come from your company’s Identity tenant.
  • For example, if an employee has “Marketing” in their “Department” property then they will be automatically assigned into the “Marketing” group, when they log in next.
  • If a group does not exist then they will be assigned to the default assigned group, if that is not set then the employee will have no group assigned.

 

Map Single Identity Property to Ronspot property

Step 1: Access User Authentication Settings

  1. Log in to the Ronspot admin panel.
  2. In the sidebar menu on the left, click on Advanced Settings.
  3. Under Advanced Settings, select User Authentication.

Step 2: Manage Authentication Methods for a Domain

  1. Click on the icon representing the Single Sign On authentication protocol and the domain you want to configure.

Step 3: Add New Mapping

  1. In the Property mapping for Single Sign On section, click Add new mapping.    

Step 4: Configure the Mapping

  1. Identity property: Enter the exact name of the Identity property (1) in your Identity service, this is case sensitive (e.g. “Department”).
  2. RONSPOT property: Choose an item in the RONSPOT property dropdown (2).
  3. Active: Set Active (3) to Yes
  4. Click Save (4) on the dialog, this inserts the mapping into the previous view at (6). 
    • Optionally, click Cancel (5) to abandon any changes.
  5. Click Save (7) on the page view.
    • Optionally, click Cancel (8) to abandon any changes.
    • At this point, as your employees start fresh logins to Ronspot, they will be assigned to the configured group automatically.  

    IdentityPropertyMapToRonspotProperty-2


     

    Map Multiple Identity Values Into a Single Ronspot Group

    Notes:

    • This only works with a mapping into the Ronspot group.
    • This scenario is useful when, for example, you want to assign multiple departments into a single business unit group within Ronspot. 

    Step 1: Verify Identify Property Mapping

    Step 2: Navigate to 'Group Settings'

    • In the sidebar menu on the left, click on Group Settings.

    Step 3: Edit the Targeted Group

    • Click the Edit icon for the target group, e.g. a group named “Product Business Unit”.

    Step 4: Edit the 'Identity Property Matching Values”'

    • Click the Edit button to the right of the Identity property matching values.        

    Step 5: Add Property Values

    • Type in a property value in (1) that you want matched against the Identity property values set up in the previous section (mapped to “RONSPOT Group” only)
    • Click the Add to list button (2) to add it to the list on the right (3).
      • Repeat the same steps for other values that you want matched.
      • Optionally, click an item in (3) and click Remove selected (4) to remove a value.
    • Click Confirm (5) to save the values to the previous form.

    Step 6: Save the Group Configuration

    • Click Save (8) to save the configuration.


    IdentityPropertyMapToRonspotPropertyGroups-2

    Repeat for other groups from step 3. In the example screenshot above, if an employee logs into Ronspot and their “Department” identity property value is “Engineering” or “Support”,  they will be automatically assigned to the “Product Business Unit” group in the company account.

    Rules:

    • You cannot create more than one group with the same name.
    • A single value in the “Identity property matching values” list cannot be the same name as an existing group.
    • A single value in the “Identity property matching values” list cannot be the same name as a value in the “Identity property matching values” of another group.

     

    Advanced Identity Property Mapping

    Use the steps in the previous sections to configure Ronspot for the scenarios below.

    • If you have more than one domain in your company account and you want to map subsets of people from either domain into the same named group.
      • For example, you could map the people in the “Support” department from the abc.com domain and the “Engineering” department in the xyz.com domain into a group named “Product” in Ronspot.
      • The names of identity properties can be different in each domain.
    • We support the above in conjunction with the “Identity property matching values” configured in each group.
      • For example, you could map the people in the “Support” and “Engineering” departments from the abc.com domain and the “Engineering” “section” (identity name) in the xyz.com domain into a group named “Product” in Ronspot.

    Notes:

    • The assignment only happens at login time because this is the only time that Ronspot queries the Identity property values from the configured Single Sign On service.
    • When an employee moves departments then they will only be reassigned to the new department group in Ronspot the next time they login into the service.  In the app, the employee won’t see the change until they log out of the app and log in again.