In the SSO settings, you can define a Default Role.

First Authentication – New Users

Scenario 1: If the user’s Role in AD is not configured in the HEFLO configuration environment and the “Default role” property is set, when logging in, the user will use the Default Role.

To learn more about creating roles in HEFLO: Roles on HEFLO.

For information: If the “Default role” is empty, the associated default role is then: “Portal only”.

Scenario 2: If the user’s Role in AD is configured in the HEFLO configuration environment and the “Default role” property is set, when logging in, the user will use the role defined in AD.

Scenario 3: If the user’s Role in AD is not configured in the HEFLO configuration environment and the “Default role” property is set, when logging in, the user will use the Default Role. However, if the role in AD is registered in HEFLO at a later date, the user will use both the AD Role(s) and the Default role.

For users who already used SSO authentication before the deployment of the “Default role” feature (April 2024), Scenario 3 does not apply; Scenario 2 prevails.

To learn more about configuring SSO: Set up SSO.