Do you use SSO and require group membership? And does it also assign permissions?
Hi, We have SSO setup between LM and Azure. It's currently just wide open that anyone with an AD/Entra account can log into LM and get default Read-Only rights. However, I was asked to see about restricting access so that everyone would have to be in a certain LM Group in AD in order for them to get permissions. I think I can figure that part out but I'm also wondering about assigning roles to people based on their AD group. In LM we have various Roles setup so people only have Edit rights to groups that they manage. Network Team has edit rights to the Network Equipment group, Database team has edit rights to the Database Servers group, etc. I was originally thinking I'd use SSO just to grant base access and then I'd assign people to roles within LM that would set their permissions. Then I thought maybe I could create LM groups in AD for each team and have those grant access and handle the Roles people get assigned to. Just curious how many people utilize the role assigned from SSO thing and how well it works or if people just handle that within LM. Thanks.