coder
diff --git a/‎cli/testdata/coder_server_--help.golden
-13 b/‎cli/testdata/coder_server_--help.golden
-13
diff --git a/‎coderd/apidoc/docs.go
+109 b/‎coderd/apidoc/docs.go
+109
diff --git a/‎coderd/apidoc/swagger.json
+95 b/‎coderd/apidoc/swagger.json
+95
diff --git a/‎coderd/database/dbauthz/dbauthz.go
+2-3 b/‎coderd/database/dbauthz/dbauthz.go
+2-3
diff --git a/‎coderd/idpsync/group.go
+5-5 b/‎coderd/idpsync/group.go
+5-5
@@ -506,11 +506,6 @@ OIDC OPTIONS:
           groups. This filter is applied after the group mapping and before the
           regex filter.
 
-      --oidc-organization-assign-default bool, $CODER_OIDC_ORGANIZATION_ASSIGN_DEFAULT (default: true)
-          If set to true, users will always be added to the default
-          organization. If organization sync is enabled, then the default org is
-          always added to the user's set of expectedorganizations.
-
       --oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})
           OIDC auth URL parameters to pass to the upstream provider.
 
@@ -557,14 +552,6 @@ OIDC OPTIONS:
       --oidc-name-field string, $CODER_OIDC_NAME_FIELD (default: name)
           OIDC claim field to use as the name.
 
-      --oidc-organization-field string, $CODER_OIDC_ORGANIZATION_FIELD
-          This field must be set if using the organization sync feature. Set to
-          the claim to be used for organizations.
-
-      --oidc-organization-mapping struct[map[string][]uuid.UUID], $CODER_OIDC_ORGANIZATION_MAPPING (default: {})
-          A map of OIDC claims and the organizations in Coder it should map to.
-          This is required because organization IDs must be used within Coder.
-
       --oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)
           If provided any group name not matching the regex is ignored. This
           allows for filtering out groups that are not needed. This filter is
 
@@ -33,9 +33,8 @@ var _ database.Store = (*querier)(nil)
 
 const wrapname = "dbauthz.querier"
 
-// NoActorError wraps ErrNoRows for the api to return a 404. This is the correct
-// response when the user is not authorized.
-var NoActorError = xerrors.Errorf("no authorization actor in context: %w", sql.ErrNoRows)
+// NoActorError is returned if no actor is present in the context.
+var NoActorError = xerrors.Errorf("no authorization actor in context")
 
 // NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows.
 // This allows the internal error to be read by the caller if needed. Otherwise
 
@@ -20,12 +20,12 @@ import (
 )
 
 type GroupParams struct {
-	// SyncEnabled if false will skip syncing the user's groups
-	SyncEnabled  bool
+	// SyncEntitled if false will skip syncing the user's groups
+	SyncEntitled bool
 	MergedClaims jwt.MapClaims
 }
 
-func (AGPLIDPSync) GroupSyncEnabled() bool {
+func (AGPLIDPSync) GroupSyncEntitled() bool {
 	// AGPL does not support syncing groups.
 	return false
 }
@@ -73,13 +73,13 @@ func (s AGPLIDPSync) GroupSyncSettings(ctx context.Context, orgID uuid.UUID, db
 
 func (s AGPLIDPSync) ParseGroupClaims(_ context.Context, _ jwt.MapClaims) (GroupParams, *HTTPError) {
 	return GroupParams{
-		SyncEnabled: s.GroupSyncEnabled(),
+		SyncEntitled: s.GroupSyncEntitled(),
 	}, nil
 }
 
 func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user database.User, params GroupParams) error {
 	// Nothing happens if sync is not enabled
-	if !params.SyncEnabled {
+	if !params.SyncEntitled {
 		return nil
 	}
Original file line number	Diff line number	Diff line change
`@@ -20,12 +20,12 @@ import (`
`20`	`20`	`)`
`21`	`21`
`22`	`22`	`type GroupParams struct {`
`23`		`- // SyncEnabled if false will skip syncing the user's groups`
`24`		`- SyncEnabled bool`
	`23`	`+ // SyncEntitled if false will skip syncing the user's groups`
	`24`	`+ SyncEntitled bool`
`25`	`25`	`MergedClaims jwt.MapClaims`
`26`	`26`	`}`
`27`	`27`
`28`		`-func (AGPLIDPSync) GroupSyncEnabled() bool {`
	`28`	`+func (AGPLIDPSync) GroupSyncEntitled() bool {`
`29`	`29`	`// AGPL does not support syncing groups.`
`30`	`30`	`return false`
`31`	`31`	`}`
`@@ -73,13 +73,13 @@ func (s AGPLIDPSync) GroupSyncSettings(ctx context.Context, orgID uuid.UUID, db`
`73`	`73`
`74`	`74`	`func (s AGPLIDPSync) ParseGroupClaims(_ context.Context, _ jwt.MapClaims) (GroupParams, *HTTPError) {`
`75`	`75`	`return GroupParams{`
`76`		`- SyncEnabled: s.GroupSyncEnabled(),`
	`76`	`+ SyncEntitled: s.GroupSyncEntitled(),`
`77`	`77`	`}, nil`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user database.User, params GroupParams) error {`
`81`	`81`	`// Nothing happens if sync is not enabled`
`82`		`- if !params.SyncEnabled {`
	`82`	`+ if !params.SyncEntitled {`
`83`	`83`	`return nil`
`84`	`84`	`}`
`85`	`85`