Auto-Assign Groups By Email Rules (SSO Edition)

You might want to automatically assign reader groups based on a readers' email address. For example, we might want to assign all readers with "@knowledgeowl.com" email addresses to a special Owls Only reader group. If we're using SSO, we can do this using Custom Attribute Map Rules under Settings > SSO.

To set up a Custom Attribute Map Rule to automatically assign readers to groups based on an email address:

1. Go to Settings > SSO.
2. Click on the SAML Attribute Map tab.
3. Copy the IdP attribute name for Username / Email under Direct Reader Attribute Map.
   • You will need the IdP attribute name for the email address field. If you are already mapping the email address to a field such as Username / Email, this IdP attribute name will be listed in the Direct Reader Attribute Map. If you are not sure, you can enable debug mode in order to log in via SSO and view the IdP attribute names being passed over from your IdP.
4. Scroll down to Custom Attribute Map Rules. 
5. Click on + Create New Rule.
6. Input the IdP attribute name that includes the email address.
7. In the IdP attribute value matching type section, select Regex pattern.
8. Copy the code below and paste it into the IdP value regex pattern.

   /.*\@knowledgeowl([\.])com/i

9. Replace knowledgeowl with your email domain (and com with your domain ending, if it's not a .com!). So, for example, if our email domain was owlmazing.net, we would use:

   /.*\@owlmazing([\.])net/i

10. Choose Reader Groups from the Reader attribute dropdown.
11. Start typing to select the reader group(s) to which you want to assign any SSO readers with matching email addresses. Your pop-up should look something like this:
    Sample SAML Map Rule
    
12. Once you've finished adding groups and verified that all information is correct, select the Create Rule button.
    
13. Now any readers who log in with matching email addresses should be automatically assigned to the selected reader group(s).