I have SAML working for user login using one cloned user. How do I specify multiple cloned users so as to provide different roles to users? Currently, with LDAP authentication, I can specify an LDAP group in Ssoconfig. If the login user is a member of the LDAP group, he will be cloned to a certain user account (defined with a role that provides a higher level of access) and if the user is not, then there is a default cloned user account defined with a role that provides basic access. How do I implement this with SAML?
The SAML documentation only mentions one cloned user account that can be defined in Ssoconfig:
<below is excerpt from above doc>
Clone Default User Accounts
Defines the user account to which authorized SAML users are mapped. The role and product privileges that are associated with the user account you specify are applied to all users who successfully authenticate.
Does the DX NetOps Performance Management Portal web server SSO Integration with SAML2 support multiple cloned users?
All supported DX NetOps Performance Management releases
Existing code doesn't support this for SAML integrations.
One possible workaround: set the SAML User Clone to a very low-level Portal access Role, one that can see basically nothing. Upon initial login the user sees nothing, then reaches out to a designated Portal user (or users) with admin access. The admin updates the new user's Role to one more appropriate to their access level.
This may work for environments where new users are added infrequently.
For environments with more dynamic user changes, an Enhancement Request (ER) was submitted to ask for this feature: allowing different users in different SAML groups to be assigned different Roles in Portal via SAML user cloning.
The ER was submitted against ER request ID DE569850. Reference that ID when following up with your account management team for updates/status on the ER.
Configure SAML 2.0 Support Using the SSO Configuration Tool documentation topic