Enhance Oauth SSO by mapping IDP-provided groups to Coolify teams #4742
                  
                    
                      baer95
                    
                  
                
                  started this conversation in
                Improvement Requests
              
            Replies: 2 comments
-
| this could perhaps be added by implementing SCIM 2.0 | 
Beta Was this translation helpful? Give feedback.
                  
                    0 replies
                  
                
            -
| Any update on this? | 
Beta Was this translation helpful? Give feedback.
                  
                    0 replies
                  
                
            
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
        
    
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I deployed Authentik as my IDP and connected Coolify SSO to it, which works great, thank you for that!
However, I noticed that every new user coming from the IDP is created without a team, and has to be manually invited to an existing team.
It would be amazing to allow mapping groups provided by the IDP to Coolify teams, which would for example automatically put a user in the
Adminteam if the IDP-provided JWT contains anAdmingroup. Even better if Coolify could simply create any group provided by the IDP and then add the user to it.I have seen some OIDC service providers do a 1:1 mapping, and some others give you more control and flexibility by allowing you to create a mapping of which IDP-provided group should be mapped to which application group or team. That would also account for the case where the "admin" team has a different name in the IDP (eg. the
rootgroup in authentik could then be mapped to theAdminteam in Coolify).Beta Was this translation helpful? Give feedback.
All reactions