Since the introduction of single sign-on support in Univention Corporate Server (UCS) via Security Assertion Markup Language (SAML), an administrator can specify in each user object which applications, called service providers in the SAML context, that user can log in to via single sign-on. For administrators in organizations with many users, this per-user assignment can be time-consuming.
Since the update to UCS 4.4 erratum 611 in May this year, UCS system administrators can enable single sign-on to applications for entire groups. This simplifies the management of user access for organizations that have many users and map user permissions through groups.
To set the access rights for groups, the administrator logs in to the UCS management system, opens the ‘Groups’ module, selects an existing group or creates a new one, and then adds the corresponding SAML service provider on the ‘General’ tab in the ‘SAML Settings’ section.
Before it can be assigned, the application must be configured as a SAML service provider. Some apps in the Univention App Center that already ship with a SAML service provider configuration, for example Nextcloud, Office 365 or Rocket.Chat, are pre-configured in this way after installation. For others, you can create the configuration by manually adding a SAML service.