Enhance Oauth SSO by mapping IDP-provided groups to Coolify teams #4742
baer95
started this conversation in
Improvement Requests
Replies: 1 comment
-
|
this could perhaps be added by implementing SCIM 2.0 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I deployed Authentik as my IDP and connected Coolify SSO to it, which works great, thank you for that!
However, I noticed that every new user coming from the IDP is created without a team, and has to be manually invited to an existing team.
It would be amazing to allow mapping groups provided by the IDP to Coolify teams, which would for example automatically put a user in the
Adminteam if the IDP-provided JWT contains anAdmingroup. Even better if Coolify could simply create any group provided by the IDP and then add the user to it.I have seen some OIDC service providers do a 1:1 mapping, and some others give you more control and flexibility by allowing you to create a mapping of which IDP-provided group should be mapped to which application group or team. That would also account for the case where the "admin" team has a different name in the IDP (eg. the
rootgroup in authentik could then be mapped to theAdminteam in Coolify).Beta Was this translation helpful? Give feedback.
All reactions