When a SAML user logs in to Shares for the first time, Shares automatically creates a new
user account based on the information provided by the SAML response. If the SAML response also
contains group information, and that group does not yet exist in Shares, Shares automatically
creates a new SAML group for each group of which the user is a member. For more information
about SAML groups, see Creating SAML Groups.
Group Permissions
A SAML user belonging to multiple groups is given the
permissions and settings of all groups it belongs to with permissions overriding restrictions.
For example, if Group A disallows sending to external users but Group B does not, users who
belong to both groups are allowed to send to external users. Settings that require specific
handling are as follows:
- Account expiration is only enabled if all groups to which a user belongs specify account
expiration. If account expiration is enabled, the expiration date is set to the latest
expiration date from among all groups.
- For any settings that use Server Default,
Yes or Allow, and
No or Deny, the setting is set to
Yes if any group specifies Yes, and it is
set to No if all groups are set to No.
Otherwise, it is set to use the server default.
- For package deletion policy, override is enabled if all groups specify override, or if
the least restrictive group setting is less restrictive than the server-wide setting. If
override is enabled, the least restrictive group setting is used. Do
nothing is less restrictive than Delete files after all
recipients download all files, which in turn is less restrictive than
Delete files after any recipient downloads all files.
- For advanced transfer settings, override is enabled if all groups specify override or if
any group specifies any transfer rate that is higher than the server default. If override
is enabled, each transfer rate is set to the higher of the highest value from among the
groups and the server default. The minimum rate policy is locked only if all groups
specify the setting.