Skip to main content
Skip table of contents

Setting Up Access Control

Mend controls user access to information within the UI through Groups and Roles.

Groups are a collection of users. Mend will automatically create two groups when an organization is created: Admin and Users. Users have read-only access to the application and Admins have full access to the application.

For instructions on how to create groups, please follow Manage Groups in the Mend Platform

Roles are the permission level within the application. These are split into Organization level and Application level roles.

Roles can be applied to Groups granting permissions to every user in that group or to Users directly. Mend recommends managing user permissions through groups and only assigning direct permissions to users as an exception.

For instructions on assigning roles to groups and see the permission level of each role see Manage Roles in the Mend Platform

When integrating with SAML integrations, users can be added automatically to groups but Mend will never automatically assign a Role to a group except the default Admin and User groups created with the Organization. See here for more details.

Adding Users

Users can be added manually or automatically through the SAML integration.

Once a user signs in, they will be assigned to the users group automatically and have read view of all applications/projects.

For instructions on how to add users manually see Manage Users in the Mend Platform.

SAML Integration

The Mend Platform only supports SP-Initiated Logins.

Single Org

Setup SAML Integration by following the documentation for “Organization SSO”. Ignore Role mapping and set up a valid SAML Attribute Statement for the Key Attribute “Groups”. These will become your Mend Groups when a user signs in.

In addition to being added to the Users group, a new user also be assigned a Mend Group created by the SAML Attribute Statement. This group will have no roles.

Multi-Org

Mend SAML Integration does not automatically create groups for global accounts. Within each of your organizations, you will need to create the desired user groups. User assignment to groups can be ignored, that will be handled by the SSO integration through Role Mapping.

Setup SAML Integration by following the documentation for “Account SSO”. To automatically assign users to a specific Mend Group within an Organization, a valid SAML Attribute Statement for the Key Attribute “Role” needs to be set and the Role Mapping must be provided. For details on setting up Role Mapping see Global Account - Map SAML Property to Mend Group

Additional Guides

For a more detailed guide on how the SAML Access Control is set up, please see SAML Access Control Setup Guide

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close