Mirror groups

If you want to manage group memberships via LDAP/SAML and not via RapidMiner Server, you can create a mirror group. A mirror group keeps group memberships in sync between LDAP/SAML and RapidMiner Server by using LDAP/SAML logins to update the group information stored on RapidMiner Server.

Any regular group can be turned into a mirror group. Once the group is turned into a mirror group, it loses all the users that were assigned to it, but it gains new members automatically when an LDAP/SAML-authenticated user logs in.

If the administrator group is turned into a mirror group, it is recommended to remove the ‘admin’ user afterwords, as this account will no longer be needed.

Defining mirror groups

You can change a group to a mirror group in the web interface of RapidMiner Server, under Administration > User management.

  1. Under Administration > User management, select the Groups tab.

  2. Select any of the groups. Please note the column Group managed by LDAP/SAML that indicates the mirrored status and the column LDAP/SAML groups bound to this group that indicates the corresponding LDAP/SAML group.

  3. Check Group managed by LDAP/SAML to turn a regular group into a mirror group, or uncheck it to change it back to a non-mirrored group. If selected, members of the LDAP/SAML groups specified below are automatically added to this group when they log in.

  4. When a group is mirrored, current RapidMiner users get removed from it, and a new entry appears in LDAP/SAML groups bound to this group. These LDAP/SAML groups may be automatically or manually created.

  5. The left side contains the available and the right side contains the already associated LDAP/SAML groups. You can use the buttons in the middle to change the association. If you do not find the required LDAP/SAML group in the list you can create it manually.

Creating LDAP/SAML groups manually

The admin user can create/delete LDAP/SAML groups established inside RapidMiner Server by opening the group management screen and selecting the Manage LDAP/SAML groups action on the right side.

  • To add a new LDAP/SAML group: If the group you wish to use is not present in the LDAP/SAML management list, enter the name of the LDAP/SAML group and click on Add. Afterwards the new group should be displayed in the table.
  • To remove an LDAP/SAML group: Click on the red x Delete icon next to the group you want to remove. If you want to delete an LDAP/SAML group which is already used, check the Force delete mirrored groups checkbox to be able to remove these groups as well.

Keep in mind the LDAP/SAML group name should always reflect the name of the group on the LDAP server or in the SAML response.