SAML

The SAML use case is a special one - it’s the only one where a user’s roles cannot be dynamically updated. This is because the user’s roles are sent in the initial authentication handshake between Gate and the SAML Identity Provider (IdP).

When Fiat is enabled, SAML groups are automatically pushed to Fiat upon user login and cannot be updated until the user needs to reauthenticate.