Advanced Roles and Permissions

Today we’re bringing our RBAC system to the next level with the addition of Roles & Permission Mappings.

Mappings make it possible for you to configure roles and permissions on a per-org basis. It’s best explained by an example:

• You have two pricing plans: Free and Paid
• Users on on the Paid plan have access to an additional feature: Data Export

You can now create separate mappings for each of your plans, turn on the Data Export permission in the Paid plan, and switch any of your paid organizations over to the Paid mapping, all within the PropelAuth dashboard - no code changes required.

Here’s a quick walkthrough we’ve created:

Of course, you likely won’t want to remember to switch your users to your Paid mapping every time they upgrade, so you can also do that programmatically:

To learn more about role mappings, check out our documentation. Though we built this feature with the pricing plan use case in mind, there are plenty of other applications - can’t wait to see what you all do!

This release also comes with a few other miscellaneous changes:

• SAML login is no longer required for users with an internal role, even if they are part of a SAML organization
• We now propagate login_hint during SAML logins, so your users won’t have to type their email address in a second time when they are redirected to their identity provider
• Atlassian is now a supported SSO option
• Roles can now be disabled
• Added APIs for resending confirmation emails
• You can now invite users to organizations via the dashboard (instead of just adding them to an organization)