From 6520c485b50f31ce2891edbd52ebe956addcdc99 Mon Sep 17 00:00:00 2001 From: Russ Cam Date: Wed, 12 Feb 2020 16:28:03 +1000 Subject: [PATCH] Update link to role mapping APIs --- docs/azure-arm-template.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/azure-arm-template.asciidoc b/docs/azure-arm-template.asciidoc index a227eea0..623b1289 100644 --- a/docs/azure-arm-template.asciidoc +++ b/docs/azure-arm-template.asciidoc @@ -1356,14 +1356,14 @@ Identifier (EntityID) field for the Enterprise application within AAD>>. Also pa [[role-mappings]] ==== Role mappings -With the cluster deployed, the {elasticdocs}/security-api-role-mapping.html[Role Mapping APIs] are used to configure rules to define how roles received in the SAML token map to roles within Elasticsearch. A SAML realm called `saml_aad` is configured when `samlMetadataUri` parameter is provided, and maps the SAML role claim to the `groups` attribute. +With the cluster deployed, the {elasticdocs}/security-api-put-role-mapping.html[Role Mapping APIs] are used to configure rules to define how roles received in the SAML token map to roles within Elasticsearch. A SAML realm called `saml_aad` is configured when `samlMetadataUri` parameter is provided, and maps the SAML role claim to the `groups` attribute. Since SAML SSO integration also configures Basic Authentication access, role mappings can be added using the `elastic` superuser account. The role mappings that you define will vary depending on the roles that you defined in the `appRoles` array in the <>, but as two examples to demonstrate [source,sh] ---- -PUT /_xpack/security/role_mapping/saml-kibana-user +PUT /_security/role_mapping/saml-kibana-user { "roles": [ "kibana_user" ], "enabled": true, @@ -1380,7 +1380,7 @@ realm, and [source,sh] ---- -PUT /_xpack/security/role_mapping/saml-superuser +PUT /_security/role_mapping/saml-superuser { "roles": [ "superuser" ], "enabled": true,