Attribute Based Restriction

This feature will allow or restrict the user to log in based on attributes received from the OAuth server/provider. Using this feature, you can also redirect the user to a specific Drupal site URL if the user is restricted from logging in using SSO.

Step to enable Attribute Based Restriction:

Watch how to configure Attribute Based Restriction: ▶ Watch Setup Video

• To configure Attribute Based Restriction, go to the Client Configuration section and navigate to the Manage tab to locate your desired application.
• In the corresponding application row, click the dropdown arrow next to Attribute Mapping under the Mappings column, and select Client Settings.
• Within the Client Settings section, scrolldown to the Attribute Based Restriction.
• In the Attribute Based Restriction, check the Enable Attribute Base Restriction checkbox. This step is mandatory.
• Now, enter the attribute name in the Attribute Name text field that you want to restrict or allow.
• After entering the attribute name, select Allow below attributes or Restrict below attributes according to use case.
  • Allow below attributes: Enabling this option will allow the users with the above-mentioned attribute name, to perform SSO.
  • Restrict below attributes: Enabling this option will restrict the users with the above-mentioned attribute name, to perform SSO.
• Enter the attribute value in the text box. You can enter the multiple attribute values by separating them by ;(Semicolon).
• In the Redirect Restricted Users text box enter the URL on which you want to redirect restricted users. Users will be directed to the login page if you keep it empty.
• Click on the Save button.

How it Works

• Now, let’s see how this feature works.
• Navigate to the Drupal site login page and click on the provider link to log in to the Drupal site.
• Log in to Provider.
• As per the configuration, the user will be restricted from logging in and redirected to the specified page.