
Can we map existing user groups from a SAML provider to ezeelogin user groups?

Mapping Existing User Groups from SAML Provider to ezeelogin User Groups


Q. We have multiple groups in the SAML provider (Azure SSO/Okta SSO/Onelogin SSO/AWS SSO etc.) for different users who have different authorization groups, so if we map these user groups via SAML, will these users get access to the authorized servers?

A. Yes, it is indeed possible to map user groups from your SAML provider to ezeelogin user groups. By creating user groups in the ezeelogin web interface that correspond to the names of the groups in your SAML/SSO provider, users will be automatically assigned to the relevant groups within the Jumpserver.


Step-by-Step Guide to Mapping User Groups

Step 1. A) Create user groups on the gateway server.

Create user groups with the same names as in the SAML provider in Web GUI > Users > User Groups.

The SAML users would be automatically assigned to the same user group within Ezeelogin.

Step 1. B) Add Group Attribute name in SAML settings.

Make sure to add the Group Attribute Name in SAML Settings.

Step 2: Manage User Group Priorities.

If a user in the SAML provider belongs to multiple user groups, set a priority on each user group so that the user is assigned to the user group with the highest priority. You can set the priority when adding a user group or by editing an existing one.

A greater value means a higher priority.

If a user exists in multiple user groups, the user will be imported into the user group with the higher priority.

For example: Consider a user named Marc who is a member of both devopsteam and systemteam. If systemteam is assigned a priority of 5 and devopsteam a priority of 3, Marc will be imported into the systemteam user group because it holds the higher priority.
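
An added example (not Ezeelogin's code) for reviewing the Step 2 rule offline before users log in: it reads the group attribute from a constructed SAML AttributeStatement and picks the matching user group with the greatest priority value, reporting SAML groups that have no user group of the same name and equal-priority ties. The attribute name `groups`, exact name matching, the function names and the sample data are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement of a SAML assertion for Marc.
# The attribute name "groups" is an assumption; use the Group Attribute Name
# configured in your SAML settings.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>devopsteam</saml:AttributeValue>
    <saml:AttributeValue>systemteam</saml:AttributeValue>
    <saml:AttributeValue>contractors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Constructed copy of the user groups and priorities defined in the web GUI.
GROUP_PRIORITY = {"systemteam": 5, "devopsteam": 3}


def saml_groups(statement_xml, attribute_name="groups"):
    """Return the values of the group attribute in an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    values = []
    for attr in root.findall("saml:Attribute", SAML_NS):
        if attr.get("Name") == attribute_name:
            values += [(v.text or "").strip()
                       for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return values


def preview_assignment(groups, priorities):
    """Predict the user group by the page's rule and list review findings."""
    matched = {g: priorities[g] for g in groups if g in priorities}
    unmatched = [g for g in groups if g not in priorities]
    if not matched:
        return {"group": None, "unmatched": unmatched, "tie": []}
    top = max(matched.values())
    winners = sorted(g for g, p in matched.items() if p == top)
    # Equal top priorities make the outcome ambiguous: report, do not guess.
    return {"group": winners[0] if len(winners) == 1 else None,
            "unmatched": unmatched,
            "tie": winners if len(winners) > 1 else []}


if __name__ == "__main__":
    print(preview_assignment(saml_groups(SAMPLE_STATEMENT), GROUP_PRIORITY))
```

A non-empty `tie` or `unmatched` list is a prompt to adjust priorities or create the missing user group before relying on the mapping for server access.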

By following these steps, organizations can effectively map user groups from their SAML providers to ezeelogin user groups. This integration not only simplifies user management but also enhances security by ensuring that users have access only to the authorized servers based on their group membership.

