Role-Based Access Control (RBAC) in Cutover auto-creates users on their first valid login, auto-assigns roles based on SAML mappings, and enables the option to purge roles. With RBAC enabled for a SAML (SSO) configuration, user roles in a third-party identity provider (e.g. Okta) can be mapped to roles in Cutover, so that users are auto-created and roles are added or removed upon the first valid SSO login.
Note: Before you get started, you must already be using SSO. Please contact your Customer Success Manager (CSM) to discuss enabling SSO or RBAC.
Role Types
Global Stakeholder users can view role mappings, and Global User Admins can upload and manage role mappings.
Get Started
To upload mappings for RBAC, navigate to Settings > SAML Configurations.
Select your SAML configuration. Next, click the info icon under Role Mapping.
Click Upload Mapping.
Click Choose File and select your newly created CSV file > Upload.
Use the template at the bottom of this article when configuring your role mapping. This is the same CSV template linked in the Upload Role Mapping modal window.
Note: Overwriting existing role profiles removes previous RBAC mappings.
Make changes to your mappings
To edit your existing mappings, download your current configuration from the three dots menu (on the top right of the Configuration page), then follow the upload process to update them.
Role Mappings Template
The following columns must be included in the CSV file.
SAML Role Name: The name of the user role in the third-party SSO platform.
Cutover Role: The name of the user role in Cutover. Learn more about role types.
Workspace: The workspace in which the role applies.
Note: It is best not to include & in the Workspace name, as this may cause an error. If you need to include &, replace it in the CSV file with &amp; instead.
Folder: The applicable folder name within the specified workspace that users will be added to.
Subfolder: The applicable subfolder name within the specified folder that users will be added to.
Note: If global roles are set, the Workspace, Folder, and Subfolder fields must be left blank. If certain permissions are needed in a subfolder, the Workspace and Folder fields must also be filled in.
Note: If the workspace name changes, it will need to be updated in the CSV.
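Because an upload overwrites the previous mappings, it helps to check the CSV against the rules above before uploading. The following pre-upload check is an added example, not Cutover's own tooling. It assumes the header row uses the column names exactly as listed in this article, that the set of global role names is supplied by the caller, that &amp; is the accepted escaped form of &, and that a Folder always needs a Workspace; the sample rows are constructed.

```python
import csv
import io

# Column names as listed in the article; exact header spelling in the
# downloadable template is an assumption.
COLUMNS = ["SAML Role Name", "Cutover Role", "Workspace", "Folder", "Subfolder"]
# Assumption: the caller supplies which Cutover role names are global.
GLOBAL_ROLES = {"Global User Admin", "Global Stakeholder"}

# Constructed sample; group names and "Example Scoped Role" are placeholders.
SAMPLE = """SAML Role Name,Cutover Role,Workspace,Folder,Subfolder
idp-cutover-admins,Global User Admin,,,
idp-cutover-viewers,Global Stakeholder,Payments,,
idp-release-team,Example Scoped Role,R&D,,
idp-dr-team,Example Scoped Role,Operations,,DR Tests
idp-finance,Example Scoped Role,Finance &amp; Risk,Quarterly,Close
"""

def validate_role_mappings(csv_text, global_roles=GLOBAL_ROLES):
    """Return (row_number, message) pairs for rows that break the template rules."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing column(s): " + ", ".join(missing))]
    problems = []
    for n, row in enumerate(reader, start=2):  # row 1 is the header
        saml, role, ws, folder, sub = ((row[c] or "").strip() for c in COLUMNS)
        if not saml or not role:
            problems.append((n, "SAML Role Name and Cutover Role are required"))
        if role in global_roles and (ws or folder or sub):
            problems.append((n, "global role: Workspace, Folder, Subfolder must be blank"))
        elif sub and not (ws and folder):
            problems.append((n, "Subfolder needs both Workspace and Folder"))
        elif folder and not ws:
            problems.append((n, "Folder needs a Workspace"))
        # A raw "&" may cause an upload error; "&amp;" is assumed to be the escaped form.
        if "&" in ws.replace("&amp;", ""):
            problems.append((n, "raw & in Workspace name"))
    return problems

if __name__ == "__main__":
    for row_number, message in validate_role_mappings(SAMPLE):
        print(f"row {row_number}: {message}")
```

Rows that grant a global role are worth a manual review as well, since they apply outside any single workspace.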