Forum Discussion

  • keithkelly 

    Yes, you can update the profiles fields as I mentioned in below question also 

    https://community.khoros.com/t5/Developer-Discussion/Can-I-assign-signatures-to-everyone-who-doesn-t-have-one/m-p/719107#M19022

    If you know, where to find the value, then you can easily assign it to Department field using below API
    <#assign response = restadmin('/users/id/${userId}/profiles/name/department/set?value=${value?url}')!{} />

    Note: Make sure this is a valid profile name. I think you can check it using inspect element(right click on the field).

    And the easiest way is, ask support to add this field in their mapping list. So automatically it can be filled when a new user comes in through SSO. 

  • In our SSO implementation, we map departments to roles. This is already in the SSO integration and shouldn't require any intervention by Khoros support. This then gives us options for limiting permissions based on department/role, so we can have forums that are restricted to members of a department.

    Keep in mind that these will only 'sync' when the user logs in via SSO - so if an employee changes departments in your company, that change isn't reflected until the next SSO login to Khoros.

    Also, the SSO integration has two arrays - a "grant" and "remove". A user will continue to have a role via SSO until that role is passed in the "remove" array. In our implementation, we pass both on every SSO login just to make sure the roles in Khoros are up to date with our internal systems. The "grant" will have all the roles they should have, the "remove" all the roles they should not have.