Mapping global LTI roles is available at the LTI tool level. It enhances user management experience and facilitates straightforward control over role-based access.
To map LTI roles to platform roles follow these steps:
- Access the LTI page.
- At tenant level, select Settings on the left-hand side and choose LTI from menu options. Then click on the desired LTI tool.
- At a branch level, select Branches underneath Manage Users. Locate the desired branch and select it. Click Settings, choose LTI and click on the desired LTI tool.
- Select the LTI Roles tab.
- Locate the LTI global role you would like to map and click on the Select Role option underneath.
- Choose the desired Role to map the global role to. Assign the role at the scope the LTI deployment has been configured at. Review specific Scenarios below to ensure the mapping meets your expecations.
- Repeat steps 3 & 4 for every role you would like to map.
- Once completed, click the Save button at the bottom of the page.
Match global LTI roles to the preferred BenchPrep roles along with the appropriate access level. If using Group Assignment, the roles will be scoped to the applicable group context. If the role does not have a group context, the role will not be assigned. If Group Assignment is not used, the roles will be scoped to context at the same level as the deployment. If the scope of the role and the deployments do not match, the role will not be assigned.
To illustrate the functionality, review the following scenarios:
Scenario 1:
- Role A has the scope of Tenant and Branch (the role can be assigned at Tenant or Branch levels only)
- Group Association is not used
- Tenant level LTI tool is set up with 2 deployments:
- Deployment 1 - tenant level deployment
- Deployment 2 - branch level deployment
When a Global LTI role is mapped to Role A the following will happen:
Users with the Global LTI role who access via Deployment 1 will have this role assigned with a tenant scope
Users with the Global LTI role who access via Deployment 2 will have this role assigned with a branch scope
Scenario 2:
- Role B has the scope of Tenant (the role can only be assigned at the Tenant level)
- Group Association is not used
- Tenant level LTI tool is set up with 2 deployments:
- Deployment 1 - tenant level deployment
- Deployment 2 - branch level deployment
When a Global LTI role is mapped to Role B the following will happen:
Users with the Global LTI role who access via Deployment 1 will have this role assigned with a tenant scope
Users with the Global LTI role who access via Deployment 2 will NOT have this role assigned (the deployment is at branch level while the BenchPrep role has tenant level only)
Scenario 3:
- Role C has the scope of Tenant, Branch and Group (role can be assigned at Tenant, Branch or Group levels)
- Group Association IS used
- Tenant Level LTI tool is set up with 2 deployments:
- Deployment 1 - tenant level deployment/ no group association
- Deployment 2 - branch level deployment with group association enabled
When a Global LTI role is mapped to Role C the following will happen:
Users with the Global LTI role who access via Deployment 1 will have this role assigned with a tenant scope
Users with the Global LTI role who access via Deployment 2 will have the role assigned with a group scope
Scenario 4:
- Role D has the scope of Tenant and Branch (role can be assigned at Tenant or Branch levels only)
- Group Association IS used
- Tenant Level LTI tool is set up with 2 deployments:
- Deployment 1 - tenant level deployment/ no group association
- Deployment 2 - branch level deployment with group association enabled
When a Global LTI role is mapped to Role D the following will happen:
Users with the Global LTI role who access via Deployment 1 will have this role assigned with a tenant scope
Users with the Global LTI role who access via Deployment 2 will NOT have this role assigned