MorganBB
Mentor
Joined 5 years ago
User Profile
User Widgets
Contributions
Re: Group roles and permissions
Incredibly disappointed to read that group owner role still cannot be assigned by other group owners... or at least be an option to allow it to be owner assignable. This is an incredibly frustrating pain point in groups in classic. I want internal employees to be able to act as owners within groups, either because it is their job to help group owners or because their team creates the groups and wants multiple members to be able to run them - without assigning them administrator role. It feels like this is an obvious use-case yet, the problem has been transferred to aurora.Re: Create a ranking formula
Is there similar access to custom profile field data for ranks? For example. Custom profile field "isManager" exists, if its not empty the user is a manager. I want to use Ranks to assign the "isManager" role. I get an error whenever I try and get it to look at the custom field. This is accessible for badges Im following the same logic, but its failing.Re: 2023 Customer Awards: Upwork - Best-in-Class: Community
Incredibly proud to be a part of this awesome team that has figured out unique, creative ways to solve for common community challenges and expand on out of box components in Khoros. Can't wait to see what is in store for our excellent community over the next year!Re: Saml integrations with Okta
So, set up Okta groups. Manage membership to this based off user_type field. then you can use the "user removed from group" trigger in workflows to kick it off. (photo 1) In a nutshell - the user is removed from the okta group when the user_type field in their profile changes away from one of the groups you're wanting to monitor. Being removed from any group triggers workflow 1 - the true false statements check its one of the groups you're monitoring and then if true passes the groupname (and with it the role you are removing) and the required user data into the child flow which uses the khoros API to remove the role. (photo 1) (photo 2) You'll need a child flow that will be responsible for acquiring the users khoros id (if thats not already stored in the users profile) and another that will actually make the api request to khoros directly to remove the role. (photo 2) not pictured are two subsequent child flows, one which fetches and updates the users khoros id if its not in their profile - second is the one that fetches the api-key needed to run apiv2 calls. Our method stores it in a table in okta with a time stamp, when the key is requested it checks its age, if its still valid passes it back, if not requests a new one, stores that in the table and then provides the valid key back to the flow hope this helps.Re: Saml integrations with Okta
Yep - more of a workaround than a fix though as it doesnt remove using assertion mapping. use okta groups to manage adding the roles by assertion. then use workflows to remove the role from the user when theyre removed from the okta group or added to a "remove X role group" you can then use okta group rules to manage which users need to have what role removed and let workflows handle the work - be careful to watch the rate-limits. π Workflows is an 'extra' with Okta - but you can run five workflows without paying more (plenty for what you're wanting to do) I'll come back in a bit with screenshots if needed.Re: SSO & Okta Integrations
I have recently worked with khoros to find a 'fix' for the issue that stopped us being able to send multiple roles in the SAML assertion at user log in. Currently we are using the method using Okta rules / Workflows to push this via API to Khoros, which is triggered by the user being added to the Okta group. The 'fix' requires a ticket with Khoros who can change the expected format from CSV to JSON obejct list and then you can push multiple roles to a user on log in by matching up Okta group membership name to role name in Khoros. this same method can be used to remove roles / access too.
