pages/database-management/authentication-and-authorization/auth-system-integrations.mdx
Lines changed: 10 additions & 1 deletion
@@ -206,12 +206,21 @@ identity service roles correspond to Memgraph’s.
206
206
207
207
The role mapping is defined as a string where individual mappings are separated
208
208
by a semicolon `;`. Each mapping is structured as follows:
209
-
`{identity service role}:{Memgraph role}`.
209
+
`{identity service role}:{Memgraph role}, {another Memgraph role}, ...`.
210
+
211
+
One identity service role can be mapped to one or more Memgraph roles.
212
+
When a user logs in and is assigned an identity service role that is mapped to an array of Memgraph roles, the user is assigned all of the mapped Memgraph roles.
213
+
For more information regarding how multi-role users are handled by Mmegraph, please visit [Multiple roles per user and multi-tenant roles](/database-management/authentication-and-authorization/multiple-roles).
210
214
211
215
For example, the `entra.admin:memadmin; entra.user:memuser` mapping defines
212
216
that the identity service roles `entra.admin` and `entra.user` respectively map
213
217
to Memgraph’s `memadmin` and `memuser` roles.
214
218
219
+
`entra.admin:memadmin; entra.user:memuser, memdev` maps `entra.user` to `memuser` and `memdev`.
220
+
221
+
Different services use different parameters for defining roles.
222
+
Use `MEMGRAPH_SSO_{provider}_{protocol}_ROLE_FILED` to specify the token parameter that specifies the assigned roles.
223
+
215
224
<Callouttype="info">
216
225
217
226
For correct operation, the Memgraph roles defined in the mapping need to be
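Review bot: `MEMGRAPH_SSO_{provider}_{protocol}_ROLE_FILED` in the last added paragraph looks like a misspelling of `ROLE_FIELD`; please check it against the variable name the SSO module actually reads, because an operator who copies the documented name verbatim would set a variable that has no effect on which token parameter supplies the roles. The added sentence about multi-role users also spells the product "Mmegraph". Two smaller points on the new mapping format: the template `{identity service role}:{Memgraph role}, {another Memgraph role}, ...` and the `memuser, memdev` example both put a space after the comma, so say explicitly whether whitespace around `,` is trimmed, since a role name parsed with a leading space would not match an existing role; and "mapped to an array of Memgraph roles" reads oddly next to a format defined as a string, so "mapped to several Memgraph roles" would be clearer. Since a single identity service role can now grant several Memgraph roles at login, it would also help to state here whether the requirement in the callout below (the mapped roles need to be defined) applies to every role in the list.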