Assigning the Roles for the Origin IDP users in SP Broker Using the Transient Federation Attributes

You can assign roles to the origin Identity Provider users in Service Provider Brokering by using the attributes of the transient federation. When you log in as a transient user, the federation is authenticated based on roles.

Origin Identity Provider Attribute Configuration

  1. In the Administration Console Dashboard, click Devices > Identity Servers > Brokering or click Devices > Identity Servers > Edit > SAML 2.0 > Trusted Providers > (Broker Identity under the Identity Providers list) > Configuration > Attributes.

  2. Select the Attribute set from the drop-down list.

  3. Select the attribute names in the Available List and move them to the Send with Authentication list using the arrows.

  4. Click Apply to map and set the attribute changes to the selected role of the origin identity provider.

Target Service Provider Attribute Configuration

  1. In the Administration Console Dashboard, click Devices > Identity Servers > Brokering or click Devices > Identity Servers > Edit > SAML 2.0 > Service Providers > (Broker Identity under the Service Providers list) > Configuration > Attributes.

  2. Select the Attribute set from the drop-down list.

  3. Select the attribute names in the Available List and move them to the Send with Authentication list using the arrows.

  4. Click Apply to map and set the attribute changes to the selected role of the target service provider.

Brokering Service Provider Attribute Configuration

The attributes configured in the origin identity provider and the target service provider are displayed based on the role selected in the Available List of the brokering service provider attribute configuration.

  1. Click Devices > Identity Servers > Brokering or click Devices > Identity Servers > Edit > SAML 2.0 > Service Providers > (Broker Identity under the Service Providers list) > Configuration > Attributes.

  2. Select the Attribute set.

  3. Select the attribute names in the Available List and move them to the Send with Authentication list.

  4. Click Apply to map and set the attribute changes to the selected role of the brokering service provider.
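
After the three attribute sets are applied, you can check a captured SAML 2.0 assertion to confirm that the subject uses the transient name identifier format and that the attributes moved to Send with Authentication actually arrive. The following is an added example, not part of the product or its documentation. The assertion, the issuer URL, and the attribute names (role, mail, department) are constructed for illustration, and the check inspects content only, without validating the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample; issuer, attribute names and values are hypothetical.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://origin-idp.example.com/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>manager</saml:AttributeValue>
      <saml:AttributeValue>employee</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text, expected_attrs):
    """Report whether the subject is transient and which expected attributes are missing."""
    # SAML messages must not carry a DTD; refuse it before parsing.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return {
        "transient": name_id is not None and name_id.get("Format") == TRANSIENT,
        "attributes": attrs,
        "missing": sorted(set(expected_attrs) - set(attrs)),
    }

if __name__ == "__main__":
    # "department" is expected but absent from the sample, so it is reported as missing.
    print(check_assertion(SAMPLE_ASSERTION, ["role", "mail", "department"]))
```

An attribute listed under "missing" points to an attribute set in which that name was not moved to Send with Authentication at one of the three configuration points.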