When the Shibboleth login is enabled, roles roles are automatically applied to OpenOLAT users. The synchronisation mechanism only adds roles to users but never revokes them. The synchronisazion happens every time when a user logs in via Shibboleth.


The granting of roles is configurable in


Every new user gets the user role.


The role author is granted to a user if a Shibboleth attribute contains a certain term. The configuration has the following parameters.

Example: Every user with the term "staff" in the Shibboleth attribute "Shib-mail" gets the author role.