Skip to main content
All CollectionsPrivacy & SecuritySetting up SAML v2 SSOSSO Troubleshooting Guides
Resolving Unexpected Role Permission Changes in Vitally
Resolving Unexpected Role Permission Changes in Vitally

A guide to understand why a team member may be switching from Admin to Team Member or any other permission changes.

Ray avatar
Written by Ray
Updated over 2 months ago

Problem Description

Team member roles in Vitally (e.g., Admin, Leader) are being automatically changed to another role (e.g., Team Member). Manual updates to roles in the Vitally UI do not persist, causing recurring issues.

Potential Reasons for the Issue

  1. SSO Configuration:

    • Vitally prioritizes roles configured in your SSO system (e.g., Okta) over roles manually set in its interface.

    • The VitallyRole attribute in your SSO system governs these role assignments.

  2. Incorrect Role Mapping:

    • Roles sent from your SSO system might not align with your intended configurations in Vitally.

Step-by-Step Solutions

1. Check SSO Configuration

  • Contact your SSO administrator and request a review of the VitallyRole attribute settings.

  • Provide them with this documentation for guidance:
    Vitally SSO Setup Documentation.

2. Verify Role Assignments

  • Ensure that each user's role in the SSO system matches the intended role in Vitally:

    • admin for Admin roles

    • leader for Leader roles

    • team for Team Member roles

    • observer for Observer roles

3. Update Role Mapping

  • In your SSO system (e.g., Okta, Google SSO):

    1. Log into the SSO admin dashboard.

    2. Locate the Vitally integration settings.

    3. Adjust the VitallyRole attribute mapping to reflect the correct roles for all users.

4. Confirm Changes in Vitally

  • After SSO settings are updated, log in to Vitally and confirm that user roles now align with the intended configuration.

Additional Tips

  • Communicate with Your Team: Inform affected team members that roles are managed via SSO and explain the updated configuration.

  • Test Role Settings: Before finalising changes, test role updates in a Sandbox/Testing environment or with a limited set of users.

  • Regular Audits: Periodically review SSO settings to ensure they remain aligned with your team’s needs.

  • HAR file: If the SSO has been configured, then to troubleshoot further, we would require the HAR file, which can be obtained from within the browser after going through the login process. Information on generating the HAR file can be found here.

FAQ

Why do manual role changes in Vitally get overridden?

Vitally defers to the SSO system for role management. During SSO synchronisation, roles are updated based on the VitallyRole attribute, overriding any manual changes made in the UI.

Who can help with SSO configuration?

Your IT or SSO administrator is responsible for configuring role mappings in systems like Okta, JumpCloud, Google SSO etc.

What if we don’t use SSO or still face issues?

If SSO is not being used or the issue persists, contact Vitally Support for assistance in investigating other potential causes citing the specific affected Vitally Users through the Chat in the Vitally UI or via support@vitally.io.

Related Articles
User Roles & Permissions
How to resolve the "SAML Unsupported" error when logging into Vitally Using Google SSO
Did this answer your question?