Create 2025-10-01-saml.md (#5870)

kevin-sumo · jpipkin1 · web-flow · commit b1ac48efb1ce · 2025-10-02T19:15:24.000Z
* Create 2025-10-01-saml.md

Change to SAML group to role matching

* Updates from review

* Change doc link

---------

Co-authored-by: John Pipkin &lt;jpipkin@sumologic.com&gt;
diff --git a/blog-service/2025-10-01-manage.md b/blog-service/2025-10-01-manage.md
@@ -0,0 +1,14 @@
+---
+title: Change to SAML Group-to-Role Mapping (Manage)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - saml
+  - authentication
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+Sumo Logic has introduced a change to the way group-to-role mapping is handled when performing on-demand role provisioning during SAML authentication. Previously, all groups included in a SAML assertion were validated against roles in Sumo Logic. Going forward, only the groups that match existing roles in Sumo Logic will be applied to the authenticating user. Any non-matching groups will be ignored. Only if no roles match with the groups passed in the assertion will an authentication fail.
+
+For more information about SAML configuration for roles provisioning, see [Configure on-demand roles provisioning](/docs/manage/security/saml/set-up-saml/#configure-on-demand-roles-provisioning).
