Frontify

<a href="#h_4b30337819">What is Group Mapping?</a>

<a href="#h_3fc27d4547">Setup for SAML</a>

<a href="#h_a8264911f4">Multiple group assignment (SAML example)</a>

<a href="#h_200f39a317">Setup for OpenID Connect (OIDC)</a>

<a href="#h_2e7d832a14">Testing &amp; Troubleshooting</a>

- <a href="#h_4b30337819">What is Group Mapping?</a>
- <a href="#h_ddc13c205e">Requirements</a>
- <a href="#h_3fc27d4547">Setup for SAML</a>
- <a href="#h_a8264911f4">Multiple group assignment (SAML example)</a>
- <a href="#h_200f39a317">Setup for OpenID Connect (OIDC)</a>
- <a href="#h_2e7d832a14">Testing &amp; Troubleshooting</a>
- <a href="#h_eb8c858937">Limitations</a>

___________________________________________________________

SSO Group Mapping allows you to automatically assign users from your identity provider (IdP) to user groups in Frontify. This ensures seamless and consistent access control across your organization via SAML or OIDC Single Sign-On.

Attribute <code>User.Groups</code> for SAML / scope <code>roleNames</code> (alternative <code>groups</code> or <code>roles</code>) for OIDC

Account administrator access to Frontify's access management

- A working SAML or OIDC configuration
- Attribute <code>User.Groups</code> for SAML / scope <code>roleNames</code> (alternative <code>groups</code> or <code>roles</code>) for OIDC
- Account administrator access to Frontify's access management

Step 1. Add User.Groups attribute to SSO attributes

Make sure your IdP sends the <code>User.Groups</code> attribute, just like <code>User.email</code>, <code>User.FirstName</code>, and <code>User.LastName</code>.

{ "User.email": "max.muster@frontify.com", "User.FirstName": "Max", "User.LastName": "Muster", "User.Groups": ["marketing"] }

This adds the user to the "marketing" group in Frontify, assuming the group has been set up and mapped.

If you use OneLogin, Okta, or a similar IdP, consult their documentation for instructions on mapping custom attributes.

Step 2: Map Group Values in Frontify

Go to Access Management &gt; Groups

Add the exact <code>User.Groups</code> value (e.g., <code>marketing</code>) to the SSO group mapping field

1. Go to Access Management &gt; Groups
2. Create or edit a group
3. Click Settings via the 3-dots menu
4. Add the exact <code>User.Groups</code> value (e.g., <code>marketing</code>) to the SSO group mapping field

If mapped correctly, they will appear in the assigned Frontify user group

- Have a test user log in via SSO
- If mapped correctly, they will appear in the assigned Frontify user group

Need help? Contact <a href="" rel="nofollow noopener noreferrer" target="_blank">support@frontify.com</a> — we can inspect login logs if needed.

{ "User.email":"max.muster@frontify.com", "User.FirstName":"Max", "User.LastName":"Muster", "User.Groups":["marketing","hr","brandingteam"] }

They'll be added to all matching Frontify groups.

Note: You can't map multiple IdP groups to a single Frontify group.

Entra doesn't send groups as an array by default. Instead, it uses multiple attributes. Please coordinate with your IT team to send group data as a single <code>User.Groups</code> array.

OIDC group mapping works similarly to SAML, using role-based scopes in the token payload.

Include the <code>roleNames</code> scope (or equivalent) along with:

- <code>openid</code>
- <code>profile</code>
- <code>email</code>

Roles from token payload: "marketing", "design"

Add these values to the SSO Group Mapping field in Frontify.

If you're having trouble with group mapping, contact <a href="mailto:support@frontify.com" rel="nofollow noopener noreferrer" target="_blank">support@frontify.com</a>. We can inspect login logs to see what information is being sent and identify issues.

Group removal is not automatic. If a user is removed from a group in your IdP, the account administrator must also manually remove them in Frontify.

<a href="https://help.frontify.com/enterprise-account-setup-and-configuration/single-sign-on-sso-fast-and-convenient-login-for-employees">Single Sign On (SSO) - Fast and convenient login for employees</a>

<a href="https://help.frontify.com/en/?q=IDP+example">Identity Provider configuration examples</a>

<a href="https://help.frontify.com/enterprise-account-setup-and-configuration/access-and-user-management">Access and User Management</a>

- <a href="https://help.frontify.com/enterprise-account-setup-and-configuration/single-sign-on-sso-fast-and-convenient-login-for-employees">Single Sign On (SSO) - Fast and convenient login for employees</a>
- <a href="https://help.frontify.com/en/?q=IDP+example">Identity Provider configuration examples</a>
- <a href="https://help.frontify.com/enterprise-account-setup-and-configuration/access-and-user-management">Access and User Management</a>

Map identity provider groups to Frontify User Groups to automate user access via SSO.

SSO User Groups mapping

Frontify Support

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

SSO User Groups mapping

What is Group Mapping

Requirements

Setup for SAML

Step 1. Add User.Groups attribute to SSO attributes

Step 2: Map Group Values in Frontify

Step 3: Test Mapping

Multiple groups assignment

Setup for OpenID Connect (OIDC)

Testing & Troubleshooting

Limitations

Appendix: