Managing user permissions for thousands of Mapiq users can be time-consuming. With Mapiq, you can simplify this process by leveraging your organization’s internal data to automatically assign user profiles based on information stored in your Active Directory (AD). This article will guide you in setting up automatic assignment rules to manage user profiles efficiently.
🚨 Automatic user assignment of an active Signal Sign On (SSO). For more information, please reach out to your Customer Success Manager.
User Profile Assignment Methods
User profiles can be assigned in three ways, evaluated in the following order:
Method | Description |
Manual Assignment | Users can be manually assigned to a profile by:
|
Automatic Assignement | Create a rule within a profile in the ‘Access’ tab that automatically assigns a user to a profile based on a value in the AD (e.g., Country or Home office) |
Default Profile | A general default profile is set for everyone not part of a manual or automatic assignment |
The flow chart below illustrates the assignment process and priority:
Example
Suppose Mapiq is used in the Netherlands, Australia, and the US. You want to create different profiles per country (Default and Priority), but this could require substantial manual effort, especially for new hires. In this case, automatic assignment is the ideal solution.
With the automatic assignment, all users from all three countries will initially be assigned a default profile A. To ensure users are assigned to a preferred profile that fits their country, an assignment rule can be set up to automate the assignment. For instance, a new profile (profile Australia) can be added with a rule where the office is exactly Australia. This automation will move all users whose AD property matches the assignment rule from profile A to profile Australia.
Suppose a user automatically assigned to Profile Australia must be manually assigned to a new profile named Priority later. In that case, they will be moved from Profile Australia to Profile Priority.
Auto-Assignment Pre-Requisites
SSO authentication needs to be configured before you can use auto-assignment. At least one of the following claims must be configured by your IT department:
Country
Office
Department
Business Unit
Job Title
Setting Up Auto-Assignment Rules
Follow these steps to configure auto-assignment rules:
Ensure your IT department configures the required claims in the Active Directory field, then log out and log back into Mapiq Admin to push the claims to the system, or wait for approximately 15 minutes.
Create a new profile (Workspace quota and Workspace location) in the Access tab.
Click “Edit users” and configure the rule in the Automatic Assignment section.
Click “Add rule.”
Select the claim you would like to use for your rule.
🚨 Please note that only one claim can be used per profile type. This means that you can only choose one claim that will be assigned for all Quota or Location profiles respectively, and cannot use different quote profiles with different claims.
⚠️ When selecting a ‘Properties without match’ option, the auto-assignment rule won’t be applicable until a user is assigned one of those claims.
Type in the exact value that matches the AD property.
⚠️ The numerical value shows the number of people to which the rule is applicable. Because this AD property is only retrieved at login, these numbers may change when more users with the corresponding AD property log in.
If manual assignments were already in place when creating an auto-assignment rule, the check box would ensure that those users that match this rule are moved to this profile (selected by default). Please note that this action will be applied once when saving this rule.Activate auto-assignment by clicking on “Confirm.”
When users log in to Mapiq for the first time, they will be automatically assigned to the appropriate profile. An overview of the total number of users per profile and the number of auto-assigned users is available on the Access tab, and a warning indicator will be shown if an auto-assignment rule is not yet applicable to any user.