Identity mappings

Map an SSO user or group to a repo account

When a user authenticates, they can be mapped to a repo account based on their user name, or based on their membership in an SSO group. Set up the mapping as follows.

info

The mappings described here apply to repository users, not to Cyral administrators. To grant Cyral administrator rights to SSO users and groups, see Add Cyral administrators using SSO groups

Prerequisites

• Add the local account native repository credentials to your secrets manager
• Give the Cyral control plane access to the repository account.
• Connect Cyral to your SSO identity provider

Procedure

1. In the Repositories page, click Identity to Account Map and click the plus sign.

2. Choose User or Group as the identity type.

3. In the Identity field, specify the SSO user name or group name as it's written in your identity service.

4. In the Local Account field, choose the name of the native repo account. For steps to add a repo account to Cyral, see Add the local account native repository credentials to your secrets manager and Give the Cyral control plane access to the repository account.

5. In the Duration field, set a length of validity for the access, or click Unlimited to grant access that will not expire automatically.

6. Click Create.