
# Group mapping

For IdP integration, **Xopero ONE** uses differentiated login levels (such as **Admin**, **Backup Operator**, and **Viewer**). By default, individual users are authenticated with predefined permissions based on the roles they are assigned. If you require multiple users to log in with consistent security policies, permissions, or access rights, you can implement group mapping.

The configuration process includes specifying two key parameters: **claim type** and **claim value**. For example, in **Azure Active Directory**, these parameters refer to:

1. **Claim type** - the name of the custom claim defined for the application on the **Azure AD** side to identify the group. In this example, the **claim type** value is set to <kbd>xoperogroup</kbd>.
2. **Claim value** - a unique **Azure AD** group identifier (ID) to be mapped (<mark style="color:red;">**not its name**</mark>).

<figure><img src="/files/He2SMRuR0TQS1duRNIDN" alt="Azure AD group mapping"><figcaption><p><em>Group mapping configuration.</em></p></figcaption></figure>

{% hint style="warning" %}
The only account not subject to group mapping permissions is the root admin. Logging in using SAML with different group permissions doesn't change the root admin's access level: the user remains the root admin after signing in and keeps the permissions assigned to the root admin.
{% endhint %}
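The following is an added example, not part of the Xopero documentation or product code: a diagnostic that reads the attribute statement of a captured SAML assertion and checks that the <kbd>xoperogroup</kbd> claim carries group IDs rather than group names. The mapping table, the role assignments, the group IDs, and the sample assertion are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD group IDs are GUIDs; a display name will not match this pattern.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed mapping table: claim value (group ID) -> login level.
GROUP_MAPPING = {
    "11111111-2222-3333-4444-555555555555": "Backup Operator",
    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee": "Viewer",
}

# Constructed attribute statement; a real assertion is signed and has more
# elements. This helper is for troubleshooting and verifies no signature.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="xoperogroup">
    <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
    <saml:AttributeValue>Backup-Admins</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def check_group_claims(xml_text, claim_type="xoperogroup", mapping=GROUP_MAPPING):
    """Return (matched_levels, problems) for the given claim type."""
    root = ET.fromstring(xml_text)
    values = [
        (v.text or "").strip()
        for attr in root.iter("{%s}Attribute" % SAML_NS["saml"])
        if attr.get("Name") == claim_type  # claim type must match exactly
        for v in attr.findall("saml:AttributeValue", SAML_NS)
    ]
    levels, problems = [], []
    if not values:
        problems.append(f"claim type '{claim_type}' not present in assertion")
    for value in values:
        if not GUID_RE.match(value):
            problems.append(f"'{value}' is not a group ID (looks like a name)")
        elif value.lower() in mapping:
            levels.append(mapping[value.lower()])
        else:
            problems.append(f"group ID {value} has no mapping configured")
    return levels, problems

if __name__ == "__main__":
    levels, problems = check_group_claims(SAMPLE)
    print("levels:", levels)
    for p in problems:
        print("problem:", p)
```
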

