Create 2025-10-01-saml.md

kevin-sumo · web-flow · commit 7dfd65254707 · 2025-10-02T11:45:27.000-07:00
Change to SAML group to role matching
diff --git a/blog-service/2025-10-01-saml.md b/blog-service/2025-10-01-saml.md
@@ -0,0 +1,14 @@
+---
+title: Change to SAML Group to Role Mapping 
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - saml
+  - authentication
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### Change to SAML Group-to-Role Mapping
+
+Sumo Logic has introduced a change to the way group to role mapping is handled when performing on-demand role provisioning during SAML authentication. Previously, all groups included in a SAML assertion were validated against roles in Sumo Logic. Going forward, only the groups that match existing Roles in Sumo Logic will be applied to the authenticating user. Any non-matching groups will be ignored. Only if no roles match with the groups passed in the assertion will an authentication fail.
