From 4105a34f22b161f409fe92256025c3d3fe8fb2c0 Mon Sep 17 00:00:00 2001 From: Lasse Heemann Date: Mon, 1 Jul 2024 13:22:43 +0200 Subject: [PATCH] Fix group to role mapping section (#1699) Related to: https://github.com/neo-technology/neo4j/pull/26072 --- .../sso-integration.adoc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index 4c353ad2b..e64a4e3c5 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc 
@@ -166,20 +166,20 @@ The simplest approach is to create identity provider groups with the same names If you decide to go this way, no mapping configuration is necessary. Assuming, however, that identity provider groups do not directly map 1:1 to the desired Neo4j roles, it is necessary to map the identity provider groups to the xref:authentication-authorization/built-in-roles.adoc[Neo4j built-in] and custom-defined roles. To do that, you need to know what privileges the Neo4j roles have, and based on these privileges, create the mapping to the groups defined in the identity provider. -The map must be formatted as a semicolon-separated list of key-value pairs, where the key is a comma-separated list of the identity provider group names and the value is a comma-separated list of the corresponding role names. -For example, `group1=role1;group2=role2;group3=role3,role4,role5;group4,group5=role6`. +The map must be formatted as a semicolon-separated list of key-value pairs, where the key is the identity provider group name and the value is a comma-separated list of the corresponding role names. +For example, `group1=role1;group2=role2;group3=role3,role4,role5;group4=role6;group5=role6`. .Example of identity provider groups to Neo4j roles mapping ==== [source, role=noheader] ---- dbms.security.oidc.mysso.authorization.group_to_role_mapping=\ - neo4j_readonly = reader; \ #<1> - neo4j_rw = editor,publisher; \ #<2> - neo4j_rw,neo4j_create = publisher; \ #<3> - neo4j_create,neo4j_schema = architect; \ - neo4j_dba = admin; \ - neo4j_exec = rolename #<4> + neo4j_readonly = reader; \ #<1> + neo4j_rw = editor,publisher; \ #<2> + neo4j_rw = publisher; \ #<3> + neo4j_create = publisher; \ + neo4j_dba = admin; \ + neo4j_exec = rolename #<4> ---- <1> Mapping of an identity provider group to a Neo4j built-in role.
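Review bot: The updated example now lists the key `neo4j_rw` twice (`neo4j_rw = editor,publisher;` at <2> and `neo4j_rw = publisher;` at <3>), and the revised prose does not say whether repeated keys are merged or whether the later entry replaces the earlier one. As written the second entry is also redundant, since `publisher` is already assigned by the first. For an authorization mapping that ambiguity matters, because a reader copying the pattern cannot tell which roles a group member ends up with. Suggest using two different groups for the "same role" case, matching the prose example `group4=role6;group5=role6`, or adding a sentence that states how duplicate keys are handled. The rewritten lines also drop `neo4j_schema` and the `architect` role from the example, so the callout text for <2> to <4>, which lies outside the visible context, should be checked against the new lines.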