1

Hi Guys,

We know it’s possible to configure the SAML provider to pass what groups the user should join by setting the RedashGroups parameter.
But I am no sure that the RedashGroups parameter should be a comma-separated list of groups if there are 2 or more? Or should we passing each group in separate tags?

  • passing each group in separate tags (see below)
<saml2:Attribute Name=“RedashGroups”
                NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified”>
                <saml2:AttributeValue xmlns:xs=“http://www.w3.org/2001/XMLSchema”
                    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>admin</saml2:AttributeValue>
                <saml2:AttributeValue xmlns:xs=“http://www.w3.org/2001/XMLSchema”
                    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>user</saml2:AttributeValue>
</saml2:Attribute>
  • pass groups in the same attribute value tag separated by commas (see below)
<saml2:Attribute Name=“RedashGroups”
                NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified”>
                <saml2:AttributeValue xmlns:xs=“http://www.w3.org/2001/XMLSchema”
                    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>admin,user</saml2:AttributeValue>
</saml2:Attribute>

Reference:
https://redash.io/help/user-guide/users/authentication-options

1 Like
2

Yes, I believe that comma-separated is accepted. What happens when you try it?

[Edit 14 June 2021] After some research I think comma-separated lists are not supported here because the groups must arrive as a list() to Python, not a str().

3

I’m curious to learn if you were able to resolve this. Would you mind sharing that?