Fix group to role mapping section (#1699)

Related to: neo-technology/neo4j#26072
neo4j · Jul 1, 2024 · 4105a34 · 4105a34
1 parent 80f59a3
commit 4105a34
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc
@@ -166,20 +166,20 @@ The simplest approach is to create identity provider groups with the same names
 If you decide to go this way, no mapping configuration is necessary.
 Assuming, however, that identity provider groups do not directly map 1:1 to the desired Neo4j roles, it is necessary to map the identity provider groups to the xref:authentication-authorization/built-in-roles.adoc[Neo4j built-in] and custom-defined roles.
 To do that, you need to know what privileges the Neo4j roles have, and based on these privileges, create the mapping to the groups defined in the identity provider.
-The map must be formatted as a semicolon-separated list of key-value pairs, where the key is a comma-separated list of the identity provider group names and the value is a comma-separated list of the corresponding role names.
-For example, `group1=role1;group2=role2;group3=role3,role4,role5;group4,group5=role6`.
+The map must be formatted as a semicolon-separated list of key-value pairs, where the key is the identity provider group name and the value is a comma-separated list of the corresponding role names.
+For example, `group1=role1;group2=role2;group3=role3,role4,role5;group4=role6;group5=role6`.
 
 .Example of identity provider groups to Neo4j roles mapping
 ====
 [source, role=noheader]
 ----
 dbms.security.oidc.mysso.authorization.group_to_role_mapping=\
-    neo4j_readonly      = reader;    \ #<1>
-    neo4j_rw     = editor,publisher; \ #<2>
-    neo4j_rw,neo4j_create     = publisher; \ #<3>
-    neo4j_create,neo4j_schema = architect; \
-    neo4j_dba  = admin; \
-    neo4j_exec       = rolename #<4>
+    neo4j_readonly  = reader;    \ #<1>
+    neo4j_rw        = editor,publisher; \ #<2>
+    neo4j_rw        = publisher; \ #<3>
+    neo4j_create    = publisher; \
+    neo4j_dba       = admin; \
+    neo4j_exec      = rolename #<4>
 ----
 
 <1> Mapping of an identity provider group to a Neo4j built-in role.