Allow a user to be mapped to multiple workspaces through attribute mapping

Tulip currently allows users to be manually added to multiple workspaces in the user profile settings section. Allowing customers to map users to multiple workspaces via workspace mapping in the SAML settings allows this process to be automated.

Hello Cassidy! Can you share more about your use case? What sorts of users should be in multiple workspaces, and what are they hoping to achieve? That will help us prioritize a solution.

Hello Kevin,
We have one non-production instance for QA and DEV with a workspace for each site. We would like to move to a model where we can map with SAML a user to multiple workspaces if needed. For example we have developers working over three workspaces, we would like a mapping using the same SAML attribute (group) mapping to multiple workspaces.

Thank you John! Do you find that these users that need to be in multiple workspaces are well-labeled in your IdP (ie indicated by a specific value in an attribute)? Or are they more like exceptions- a single user with special privileges that needs a unique combo of roles and workspaces?

Hello,
No we can only pass an AD group as the SAML attribute. So for example today we would map a user operatorQAUSA to the role of Operator, User Group QA and workspace USA. For our developers we would like to map something like tulipTableSupervisorQAALL to Tulip Table Supervisor, Group QA and map to more than one workspace by re-using the same AD group SAML mapping but assigning to a different workspace. Thanks!

Got it. And I see the name has “all” in it, would this user with the role Table Supervisor have that role in every workspace? Or you would still want to enumerate the workspaces where they have the role?

Hey Kevin, roles would be the same across workspaces. If we could have the ability to map to specific workspaces that would be great, if Tulip can speed up the implementation and its all then that works :wink:

Thank you. Clear now.