Organization sync settings should be runtime configurable #86
Assignees
Milestone
Comments
This was referenced Nov 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Organization sync automatically assigns users to an organization based on their IDP claims. At present, this is configured by server flags.
https://github.com/coder/coder/blob/main/codersdk/deployment.go#L1587-L1598
This should be runtime configurable with a view in the global settings.
This page would look identical to the IDP sync pages today.
flowchart LR G[OIDC Claims] subgraph D [Deployment] direction TB M[[CODER_OIDC_ORGANIZATION_FIELD]] GO[[CODER_OIDC_ORGANIZATION_MAPPING]] OM{{Organization Membership This decides what organizations the auth'd user is in. Claims are passed to the org. }} style T fill:transparent,stroke:transparent T[Settings to map OIDC user --> org member] T ~~~ M M --> GO GO --> OM end subgraph OS [Organizations] direction TB subgraph O1 [Organization #1 Settings] direction TB style TO fill:transparent,stroke:transparent TO[Organization settings map claims to organization groups and roles.] O1I{{OIDC Claims}} %% Groups OF[("Group filters")] OGM[("Group Link (mapping)")] OAC[("Group Auto Create")] O1G[Groups] %% Roles ORM[("Role Link (mapping)")] OR[Organization Roles] %% Arrows O1I --> ORM ORM --> OR O1I --> OF OF --> OGM OF --> OAC O1I ~~~ TO TO ~~~ OGM %% TO ~~~ OAC OGM --> O1G OAC --> O1G end subgraph O2 [Organization #2 Settings] ignore["... Repeat of above ..."] end end G --> D D --OIDC claims--> O1I D --OIDC claims--> O2The text was updated successfully, but these errors were encountered: