question Re: Hue SAML group mapping in Support Questions

Hue SAML group mapping

MichalAR — Tue, 21 Apr 2026 11:37:25 GMT

I'm testing Hue - SAML integration.
SAML login now works, but all users land in Hue with "default" group.

Is there a way to assign Hue groups and permissions based on SAML attributes?

Re: Hue SAML group mapping

bgooley — Mon, 17 Jun 2019 18:34:05 GMT

Hi @MichalAR ,

Hue does not support group mapping based on SAML attributes at this time.

For now, the general workaround is to use LDAP sync if possible to automate user group membership.

Re: Hue SAML group mapping

MichalAR — Tue, 18 Jun 2019 09:16:14 GMT

Hi @bgooley ,
So I can have SAML login + ldap group synch?
I assume "Create LDAP users on login" should be disabled in that case?

Re: Hue SAML group mapping

bgooley — Tue, 18 Jun 2019 18:37:53 GMT

@MichalAR ,

Right, so SAML can be used for Authentication and then LDAP for user/group sync.

If you are not using LDAP for authentication, then "Create LDAP users on login" won't impact you.

If you want to prevent the creation of a Hue user for a new user login, you can set the following:

[libsaml]

create_users_on_login=False

If you do that, though, you need to be sure that you have all of your users already in Hue before they authenticate; otherwise, they will get an error.

If you would like to leave create_users_on_login "True" but change the default group membership, you can adjust the "default" group that is set for new users.

To do so, set:

[useradmin]

default_user_group=<name_of_your_preferred_group>

That way, you don't prevent users from authenticating via SAML if they don't already exist as Hue users, but you can restrict the resources they can access.

It's just another thing to consider that may help you achieve the type of configuration you want.