When you create users in a Space, they are effectively in a group which can be very useful as a time-saving tool. See C11. Manage users in a space.
There are three options which may be appropriate.
Scenario 1: There is a minimum level of access I want to give to all users
Consider assigning the 'Everyone' token to roles in your Spaces. An example is shown in the screenshot where every user can be automatically assigned to the "Member" role in a particular Space. This avoids the need to assign users manually when new user accounts are created.
Managers would need to be assigned individually but the common case could be covered simply.
Scenario 2: I want everyone in a particular Space to be able to use another Space
Just like the "Everyone" group (above), you can assign Spaces to roles in other Spaces.
For example, if you have a Sales & Marketing Space, and you have a Product Management Space, then you might want to make everyone who is in the Product Management Space a member of the Sales & Marketing Space.
To do this, you will need to be a Manager of the Sales & Marketing Space. Open the management page for the Sales & Marketing Space, go to the "Spaces" tab on the left hand side, and drag the Product Management Space onto the members role on the right. Click Save.
This is useful when there are a large number of users who have been created in different Spaces. It means you can avoid creating multiple user logins for the same person, and gives users a clear single point of access to all of their Spaces when they log into Chorus.
For more details, please see C11.1 Give users access to a space ("To give all of the members of another space access to this space").
Scenario 3: My organisation uses SAML2 or Active Directory, and I want to map users from groups into Spaces in Chorus
If you are using a federated login system such as ADFS (SAML2) or Active Directory, then you may already have definitions of groups or departments which can be used by Chorus.
- SAML2: Groups will only appear if your authentication provider has been configured to pass this information to Chorus. Please consult your IT team if no groups are displayed as they may not have setup 'group claims' on your authentication service correctly. For more details about SAML2, please see D9.2 Common SAML2 Scenarios.This is managed from Admin > Site SAML2 > SAML2 Visible Groups.
- LDAP: Active Directory groups are discovered via the setup process. This is explained in D9.4 Active Directory via an LDAP server.
Please note that Third Light can not provide advice for the configuration of non-Third Light products.
If SAML2 or Active Directory group membership information is available, you can link that group to a role within a Chorus space. Look for the distinctive background icon.
When a group is dragged onto a role in the Space, all users who are members of that group are automatically included. For further details, please see D9.3 Connecting SAML2 groups to Chorus Spaces.
