
Add CODER_OIDC_ALLOWED_GROUPS to limit which groups can sign in to Coder #10705

Closed
@bpmct

Description

@bpmct

Background

For GitHub, we have https://coder.com/docs/v2/latest/cli/server#--oauth2-github-allowed-orgs and https://coder.com/docs/v2/latest/cli/server#--oauth2-github-allowed-teams that only allow a subset of GitHub users to log in to Coder.

We do not have something similar for OIDC logins.

Proposal

  • Add CODER_OIDC_ALLOWED_GROUPS which accepts a list of strings (group names).
  • If a user is not in any of the groups, display an error, similar to the GitHub one
  • Use https://coder.com/docs/v2/latest/cli/server#--oidc-group-field to define which groups claim is used to validate against
  • Display a proper error/warning in the server if the claim is not being sent, similar to how we do for group sync
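The check the proposal describes, written out as an added example that is not part of the issue and not Coder's own code: the group list is read from whatever claim the group-field setting names, the user passes only if at least one of their groups is in the allow list, and a missing claim is reported as its own error so the server can log it instead of silently rejecting everyone. The function and error names (CheckAllowedGroups, ErrGroupClaimMissing, ErrNotInAllowedGroup) and the convention that an empty allow list disables the restriction are assumptions for this illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical sentinel errors (not Coder's). Keeping the two failure modes
// distinct lets the server log a configuration problem (claim not sent by
// the IdP) separately from an ordinary "not a member" denial.
var (
	ErrGroupClaimMissing = errors.New("oidc: configured group claim not present in ID token")
	ErrNotInAllowedGroup = errors.New("oidc: user is not a member of any allowed group")
)

// groupsFromClaims reads the group list from the claim named by groupField.
// Providers usually send a JSON array of strings, but a single string is
// also accepted, since some IdPs collapse a one-element list.
func groupsFromClaims(claims map[string]any, groupField string) ([]string, error) {
	raw, ok := claims[groupField]
	if !ok {
		return nil, ErrGroupClaimMissing
	}
	switch v := raw.(type) {
	case string:
		return []string{v}, nil
	case []string:
		return v, nil
	case []any:
		out := make([]string, 0, len(v))
		for _, g := range v {
			s, ok := g.(string)
			if !ok {
				return nil, fmt.Errorf("oidc: claim %q contains non-string entry %v", groupField, g)
			}
			out = append(out, s)
		}
		return out, nil
	default:
		return nil, fmt.Errorf("oidc: claim %q has unsupported type %T", groupField, raw)
	}
}

// CheckAllowedGroups enforces an allow list of group names against the
// decoded ID token claims. An empty allow list means the feature is off
// (assumed semantics). Exact, case-sensitive matching is used so that a
// group named "admins" cannot be satisfied by "Admins".
func CheckAllowedGroups(claims map[string]any, groupField string, allowedGroups []string) error {
	if len(allowedGroups) == 0 {
		return nil
	}
	groups, err := groupsFromClaims(claims, groupField)
	if err != nil {
		return err
	}
	allowed := make(map[string]struct{}, len(allowedGroups))
	for _, g := range allowedGroups {
		allowed[g] = struct{}{}
	}
	for _, g := range groups {
		if _, ok := allowed[g]; ok {
			return nil
		}
	}
	return ErrNotInAllowedGroup
}

func main() {
	// Constructed sample claims, as they would look after the ID token has
	// been verified and decoded; "groups" is the configured group field.
	allowList := []string{"coder-users", "platform-admins"}
	samples := []map[string]any{
		{"sub": "alice", "groups": []any{"engineering", "coder-users"}},
		{"sub": "bob", "groups": []any{"finance"}},
		{"sub": "carol"}, // IdP did not send the claim: log a config warning
	}
	for _, c := range samples {
		err := CheckAllowedGroups(c, "groups", allowList)
		switch {
		case errors.Is(err, ErrGroupClaimMissing):
			fmt.Printf("%s: WARN %v (check the IdP scope/claim mapping)\n", c["sub"], err)
		case err != nil:
			fmt.Printf("%s: denied: %v\n", c["sub"], err)
		default:
			fmt.Printf("%s: allowed\n", c["sub"])
		}
	}
}
```

Because the missing-claim case is surfaced as a distinct error, the login handler can show the user the same kind of "not in an allowed group" message the GitHub path uses while the server log carries the more specific hint that the claim was never delivered.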
