Auto-Assign Groups By Email Rules (SSO Edition)

You might want to automatically assign reader groups based on a readers' email address. For example, we might want to assign all readers with "@knowledgeowl.com" email addresses to a special Owls Only reader group. If we're using SSO, we can do this using Custom Attribute Map Rules under Settings > SSO.

There is also an option under Your Account > Readers > Groups for "Auto-Assign Groups By Email Rules". This does not work with SSO. If you are using SSO, follow the instructions below to set this up using Custom Attribute Map Rules.


Prerequisites:

  • SSO is set up and working
  • Email address is being passed over 
  • IdP attribute name for the email address field

To set up a Custom Attribute Map Rule to automatically assign readers to groups based on an email address:

  1. Go to Settings > SSO.
  2. Select the SAML Attribute Map tab.
  3. Copy the IdP attribute name for Username / Email under Direct Reader Attribute Map.
    • You will need the IdP attribute name for the email address field. If you are already mapping the email address to a field such as Username / Email, this IdP attribute name will be listed in the Direct Reader Attribute Map. If you are not sure, you can enable debug mode in order to log in via SSO and view the IdP attribute names being passed over from your IdP.
  4. Scroll down to Custom Attribute Map Rules
  5. Select Create New Rule.
  6. Enter the IdP attribute name that includes the email address.
  7. In the IdP attribute value matching type section, select Regex pattern.
  8. Copy the code below and paste it into the IdP value regex pattern:
    /.*\@knowledgeowl([\.])com
  9. Replace knowledgeowl with your email domain (and com with your domain ending, if it's not a .com!). So, for example, if our email domain was owlmazing.net, we would use:
    /.*\@owlmazing([\.])net
  10. Select Reader Groups from the Reader attribute dropdown.
  11. Start typing to select the reader group(s) to which you want to assign any SSO readers with matching email addresses. Your pop-up should look something like this:
    Sample SAML Map Rule
  12. Once you've finished adding groups and verified that all information is correct, select the Create Rule button.
  13. Now any readers who log in with matching email addresses should be automatically assigned to the selected reader group(s).