Dispel configuration for OIDC Group Mapping
Once single sign-on has been set up and the identity provider has been configured to return group claims, administrators will need to assign group mappings to Dispel Groups.
Adding identity provider group mapping to Dispel groups
As an admin, log in to the Dispel dashboard
Click the 'Groups' link in the left navigation menu
Select the group you want to add a mapping for and navigate to the 'Settings' tab
In the 'Group Mappings' field, enter a comma-separated list of identity provider group names whose members should be added to the Dispel group.
Save your settings.
NOTE: A Dispel group can either have its members managed manually OR it can take advantage of OIDC group mapping for member management. Blended groups, where members are added or removed manually and automatically through group mapping, are not supported.
Adding and Removing Users in Mapped Groups
Once you have mapped groups from your identity provider to groups in Dispel, Dispel will regularly check your identity provider for changes in group membership. Dispel groups will be updated when changes are detected. The following is a list of possible changes performed by Dispel.
Change in Identity Provider | Automated Change in Dispel |
A user is added to the mapped identity provider group (Corresponding user exists in Dispel) | The corresponding user is added to the mapped Dispel group. |
A user is added to the mapped identity provider group (Corresponding user DOES NOT exist in Dispel) | A corresponding Dispel user is created and added to the mapped Dispel group. NOTE: The new Dispel user will be guided through an account setup process when they log in to Dispel using single sign on through the approved identity provider. |
A user is removed from the mapped identity provider | The corresponding Dispel user is removed from the mapped Dispel group. |
Authentication Flow and Group Refresh Cycle
After the required configuration has been completed, you should begin to see automatic management of Dispel group membership based on a given user's identity platform group assignments. Consult the diagram below to better understand how and when users are added and removed from Dispel groups.
A user logs in to Dispel using Microsoft Entra single sign on.
Dispel reads the user’s identity platform group assignments and reconciles the user’s Dispel group membership:
Users are added to Dispel groups with mappings that match the user’s MS Entra group assignments
Users are removed from Dispel groups with mappings that DON’T match the user’s MS Entra group assignments
Throughout the session, the Microsoft Graph API is used to check for changes to MS Entra group assignments. If changes are detected, users will be added/removed from Dispel groups as necessary and system access will be updated as needed. Updates to Dispel group membership may take up to 10 minutes after the change is made in the identity provider.
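The reconciliation step described above, sketched as an added example for reviewing what a set of mappings will grant or revoke before saving them. This is not Dispel's code: the function names, the group names and the matching rules (exact, case-sensitive names with surrounding whitespace trimmed; membership in any one mapped identity provider group is enough) are assumptions.

```python
from dataclasses import dataclass, field


def parse_mappings(field_value):
    """Split a comma-separated 'Group Mappings' value into IdP group names.

    Assumption: whitespace around names is ignored and empty entries are dropped.
    """
    return {name.strip() for name in field_value.split(",") if name.strip()}


@dataclass
class Change:
    add: set = field(default_factory=set)      # Dispel groups the user should join
    remove: set = field(default_factory=set)   # Dispel groups the user should leave


def reconcile(user_idp_groups, current_dispel_groups, group_mappings):
    """Compute one user's Dispel group changes from their IdP group claims.

    group_mappings maps a Dispel group name to its raw 'Group Mappings' value.
    A group with no mapping is manually managed and is never touched, because
    blended groups are not supported.
    """
    change = Change()
    idp = set(user_idp_groups)
    for dispel_group, raw in group_mappings.items():
        mapped = parse_mappings(raw)
        if not mapped:
            continue  # manually managed group: leave membership alone
        entitled = bool(mapped & idp)
        member = dispel_group in current_dispel_groups
        if entitled and not member:
            change.add.add(dispel_group)
        elif member and not entitled:
            change.remove.add(dispel_group)
    return change


# Constructed sample data (hypothetical group names, not from the page).
MAPPINGS = {
    "OT-Engineers": "plant-engineers, scada-admins",
    "Vendors": "vendor-acme",
    "Break-Glass": "",  # no mapping, so membership is managed by hand
}

if __name__ == "__main__":
    result = reconcile(["scada-admins", "all-staff"], {"Vendors", "Break-Glass"}, MAPPINGS)
    print("add:", sorted(result.add), "remove:", sorted(result.remove))
```

Running the same function with an empty claim list shows which mapped groups a user loses once they are removed from every mapped identity provider group.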