The first time an admin user logs in,
ExtremeCloud IQ creates a corresponding entry in the ExtremeCloud
IQ Accounts database for that VIQ (account) mapped to the appropriate role
based on the mapping rules. An SSO-created account includes a blue flag that
indicates the account is automatically created.
For example, test.user@company.onmicrosoft.com is a member of the group
mapped to the Operator Role, and ExtremeCloud IQ creates
the Admin Account defined in the following figure.
Admin Accounts List
Shows User and Assigned Role
The Username field is created only if the User object is
provisioned with the First Name/Last Name field and the Attributes are added in ExtremeCloud IQ.
Most roles (Operator, Monitor,
Installer, etc) require a location be defined for the user to see managed devices.
SSO-created accounts do not automatically get assigned locations, so an
Administrator must assign each SSP-created account to a location manually in ExtremeCloud
IQ.
A single IdP SSO domain can be linked
to multiple VIQs (accounts). However, at this time, switching between each requires
manually logging in to each VIQ (account).
If individual IdP groups to RBAC roles are not defined, you must configure a
Catchall group, and add all users who require access, along with the Catchall rule.
Without this configuration, the user authentication will fail.
At this time, deleting an SSO configuration in ExtremeCloud
IQ does not purge all certificates. Certificates can be managed for an IdP
Profile by selecting , and then selecting Manage
Certificates.
, and then selecting Manage
Certificates.