diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 35990e4622..b09cbf9699 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -369,6 +369,10 @@ def on_populate_user(sender, **kwargs):
 remove_admins = bool(org_opts.get('remove_admins', remove))
 _update_m2m_from_groups(user, ldap_user, org.admin_role.members, admins_opts, remove_admins)
+auditors_opts = org_opts.get('auditors', None)
+remove_auditors = bool(org_opts.get('remove_auditors', remove))
+_update_m2m_from_groups(user, ldap_user, org.auditor_role.members, auditors_opts,
+remove_auditors)
 users_opts = org_opts.get('users', None)
 remove_users = bool(org_opts.get('remove_users', remove))
 _update_m2m_from_groups(user, ldap_user, org.member_role.members, users_opts,
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 2ac51de6cd..c408d72b40 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -53,6 +53,7 @@ SOCIAL_AUTH_ORGANIZATION_MAP_PLACEHOLDER = collections.OrderedDict([
 ])),
 ('Test Org', collections.OrderedDict([
 ('admins', ['admin@example.com']),
+('auditors', ['auditor@example.com']),
 ('users', True),
 ])),
 ('Test Org 2', collections.OrderedDict([
@@ -379,6 +380,7 @@ def _register_ldap(append=None):
 placeholder=collections.OrderedDict([
 ('Test Org', collections.OrderedDict([
 ('admins', 'CN=Domain Admins,CN=Users,DC=example,DC=com'),
+('auditors', 'CN=Domain Auditors,CN=Users,DC=example,DC=com'),
 ('users', ['CN=Domain Users,CN=Users,DC=example,DC=com']),
 ('remove_users', True),
 ('remove_admins', True),
@@ -1170,8 +1172,10 @@ register(
 placeholder=collections.OrderedDict([
 ('saml_attr', 'organization'),
 ('saml_admin_attr', 'organization_admin'),
+('saml_auditor_attr', 'organization_auditor'),
 ('remove', True),
 ('remove_admins', True),
+('remove_auditors', True),
 ]),
 )
diff --git a/awx/sso/fields.py b/awx/sso/fields.py
index 57198bf082..dddd1ee6a1 100644
--- a/awx/sso/fields.py
+++ b/awx/sso/fields.py
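Review bot: The SOCIAL_AUTH_ORGANIZATION_MAP placeholder in the `@@ -53` hunk now advertises an `auditors` key, but this diff only teaches the LDAP backend (`on_populate_user`) and the SAML attribute pipeline about auditors; the social-auth org-map pipeline and its map field are not touched. If that code path, which is outside this diff, does not already consume `auditors` and `remove_auditors`, the placeholder documents a key that is silently ignored, and for a role-mapping setting an operator will read that as a grant that is not actually happening. Either confirm the social org-map path honours the key or leave it out of this placeholder until it does.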
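Review bot: The LDAP placeholder in the `@@ -379` hunk gains `auditors` but not `remove_auditors`, while the neighbouring `remove_users` and `remove_admins` entries show the removal flag for each role and the SAML placeholder in the `@@ -1170` hunk does list `remove_auditors`. Since `on_populate_user` in backends.py reads `org_opts.get('remove_auditors', remove)`, the flag exists and should be shown; add `('remove_auditors', True),` after `('remove_admins', True),`. This placeholder is presumably what operators see as the documentation of the accepted keys, so omitting the flag hides that auditor removal defaults to the org-wide `remove` value.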
@@ -532,8 +532,10 @@ class LDAPSingleOrganizationMapField(HybridDictField):
 admins = LDAPDNMapField(allow_null=True, required=False)
 users = LDAPDNMapField(allow_null=True, required=False)
+auditors = LDAPDNMapField(allow_null=True, required=False)
 remove_admins = fields.BooleanField(required=False)
 remove_users = fields.BooleanField(required=False)
+remove_auditors = fields.BooleanField(required=False)
 child = _Forbidden()
@@ -729,6 +731,8 @@ class SAMLOrgAttrField(HybridDictField):
 saml_attr = fields.CharField(required=False, allow_null=True)
 remove_admins = fields.BooleanField(required=False)
 saml_admin_attr = fields.CharField(required=False, allow_null=True)
+remove_auditors = fields.BooleanField(required=False)
+saml_auditor_attr = fields.CharField(required=False, allow_null=True)
 child = _Forbidden()
diff --git a/awx/sso/pipeline.py b/awx/sso/pipeline.py
index 635787ef7a..50f8546b84 100644
--- a/awx/sso/pipeline.py
+++ b/awx/sso/pipeline.py
@@ -151,17 +151,20 @@ def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs):
 return
 from django.conf import settings
 org_map = settings.SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
-if org_map.get('saml_attr') is None and org_map.get('saml_admin_attr') is None:
+if org_map.get('saml_attr') is None and org_map.get('saml_admin_attr') is None and org_map.get('saml_auditor_attr') is None:
 return
 remove = bool(org_map.get('remove', True))
 remove_admins = bool(org_map.get('remove_admins', True))
+remove_auditors = bool(org_map.get('remove_auditors', True))
 attr_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_attr'], [])
 attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_admin_attr'], [])
+attr_auditor_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_auditor_attr'], [])
 _update_org_from_attr(user, "member_role", attr_values, remove, False)
 _update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins)
+_update_org_from_attr(user, "auditor_role", attr_auditor_values, False, remove_auditors)
 def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):
diff --git a/awx/sso/tests/functional/test_pipeline.py b/awx/sso/tests/functional/test_pipeline.py
index 1552aa10f7..78a04a0481 100644
--- a/awx/sso/tests/functional/test_pipeline.py
+++ b/awx/sso/tests/functional/test_pipeline.py
@@ -150,6 +150,7 @@ class TestSAMLAttr():
 'attributes': {
 'memberOf': ['Default1', 'Default2'],
 'admins': ['Default3'],
+'auditors': ['Default4'],
 'groups': ['Blue', 'Red'],
 'User.email': ['cmeyers@redhat.com'],
 'User.LastName': ['Meyers'],
@@ -178,6 +179,7 @@ class TestSAMLAttr():
 SOCIAL_AUTH_SAML_ORGANIZATION_ATTR = {
 'saml_attr': 'memberOf',
 'saml_admin_attr': 'admins',
+'saml_auditor_attr': 'auditors',
 'remove': True,
 'remove_admins': True,
 }
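Review bot: `org_map['saml_auditor_attr']` on the added `attr_auditor_values` line is a hard index, so a SOCIAL_AUTH_SAML_ORGANIZATION_ATTR stored before this change, which has no `saml_auditor_attr` key at all, raises KeyError inside the login pipeline as soon as `saml_attr` or `saml_admin_attr` is set, because the relaxed `if` above only returns early when all three are absent. The SAMLOrgAttrField hunk declares the key with `required=False`, so a missing key is a legitimate stored state unless the serializer backfills it, which this diff does not show. Reading it with `.get` keeps a missing mapping equivalent to "no auditor attribute": `attr_auditor_values = kwargs.get('response', {}).get('attributes', {}).get(org_map.get('saml_auditor_attr'), [])`. Note that such a deployment then runs `_update_org_from_attr(user, "auditor_role", [], False, True)` because `remove_auditors` defaults to True; whether that strips auditor roles granted outside SAML depends on `_update_org_from_attr`, which is outside this diff, and if it does, the auditor call should be skipped when the key is unset rather than defaulting to removal. update_user_orgs_by_saml_attr begins before this hunk.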
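Review bot: The settings hunk at `@@ -178` adds `'saml_auditor_attr': 'auditors'` but no `'remove_auditors'` entry, so the test exercises only the pipeline's default of removing auditor roles, and nothing in either test hunk asserts that the user ends up in the auditor role of Default4. If the assertions further down in TestSAMLAttr, outside these hunks, do not check the auditor role, add one next to the existing admin-role check, and consider a second case with `'remove_auditors': False` so both the default and the explicit path are covered. TestSAMLAttr continues outside the hunk.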