How it works
Access is controlled through identity-provider groups. Users who belong to a group named Employee Export UnRestricted or Export UnRestricted can view export-controlled data. Everyone else sees no data for those items. The group membership is passed to ION via your SAML connection. ION does not manage group membership directly.Set up your SAML connection for export control
- In your SAML connection, enable the Get user group attribute so ION receives group membership on each login. With Azure SAML, this passes Azure Active Directory groups.
- In your identity provider, add users to a group named exactly Employee Export UnRestricted or Export UnRestricted.