docs: add cli steps for org sync #15673

Merged
merged 9 commits into from
Dec 10, 2024
dashboard tab to default
EdwardAngert committed Dec 10, 2024
commit 1879e11c369dd39de58d13d7c4af0da7cca05481
80 changes: 40 additions & 40 deletions docs/admin/users/idp-sync.md
Expand Up @@ -354,6 +354,46 @@ dashboard:

<div class="tabs">

### Dashboard

1. Confirm that your OIDC provider is sending claims. Log in with OIDC and visit
the following URL with an `Owner` account:

```text
https://[coder.example.com]/api/v2/debug/[your-username]/debug-link
```

You should see a field in either `id_token_claims`, `user_info_claims` or
both followed by a list of the user's OIDC groups in the response. This is
the [claim](https://openid.net/specs/openid-connect-core-1_0.html#Claims)
sent by the OIDC provider. See
[Troubleshooting](#troubleshooting-grouproleorganization-sync) to debug this.

Depending on the OIDC provider, this claim may be called something else.
Common names include `groups`, `memberOf`, and `roles`.

1. Fetch the corresponding organization IDs using the following endpoint:

```text
https://[coder.example.com]/api/v2/organizations
```

1. As a Coder organization user admin or site-wide user admin, go to
**Settings** > **IdP organization sync**.

1. In the **Organization sync field** text box, enter the organization claim,
then select **Save**.

Users are automatically added to the default organization.

Do not disable **Assign Default Organization**. If you disable the default
organization, the system will remove users who are already assigned to it.

1. Enter an IdP organization name and Coder organization(s), then select **Add
IdP organization**:

![IdP organization sync](../../images/admin/users/organizations/idp-org-sync.png)

### CLI

Use the Coder CLI to show and adjust the settings.
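
Review bot: Step 1 of the added Dashboard steps tells the reader to look for "a list of the user's OIDC groups" and names `groups`, `memberOf`, and `roles` as common claims, but this section configures organization sync and step 4 asks for "the organization claim", so the text reads as carried over from group sync. Suggest wording step 1 in terms of the claim that carries the organization, so the reader knows which field to enter in **Organization sync field**. In the same hunk, the warning says "If you disable the default organization" while the control is named **Assign Default Organization**; using the setting's name in both sentences makes it clear which action removes users.
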
Expand Down Expand Up @@ -402,46 +442,6 @@ settings, a user's memberships will update when they log out and log back in.
| mapping | Mapping takes a claim from the IdP, and associates it with 1 or more organizations by UUID. </br> No validation is done, so you can put UUID's of orgs that do not exist (a noop). The UI picker will allow selecting orgs from a drop down, and convert it to a UUID for you. |
| organization_assign_default | This setting exists for maintaining backwards compatibility with single org deployments, either through their upgrade, or in perpetuity. </br> If this is set to 'true', all users will always be assigned to the default organization regardless of the mappings and their IdP claims. |

### Dashboard

1. Confirm that your OIDC provider is sending claims. Log in with OIDC and visit
the following URL with an `Owner` account:

```text
https://[coder.example.com]/api/v2/debug/[your-username]/debug-link
```

You should see a field in either `id_token_claims`, `user_info_claims` or
both followed by a list of the user's OIDC groups in the response. This is
the [claim](https://openid.net/specs/openid-connect-core-1_0.html#Claims)
sent by the OIDC provider. See
[Troubleshooting](#troubleshooting-grouproleorganization-sync) to debug this.

Depending on the OIDC provider, this claim may be called something else.
Common names include `groups`, `memberOf`, and `roles`.

1. Fetch the corresponding organization IDs using the following endpoint:

```text
https://[coder.example.com]/api/v2/organizations
```

1. As a Coder organization user admin or site-wide user admin, go to
**Settings** > **IdP organization sync**.

1. In the **Organization sync field** text box, enter the organization claim,
then select **Save**.

Users are automatically added to the default organization.

Do not disable **Assign Default Organization**. If you disable the default
organization, the system will remove users who are already assigned to it.

1. Enter an IdP organization name and Coder organization(s), then select **Add
IdP organization**:

![IdP organization sync](../../images/admin/users/organizations/idp-org-sync.png)

</div>

## Troubleshooting group/role/organization sync
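
Review bot: With the Dashboard steps removed from below the table, the `mapping` row in the context lines is now the last content of the CLI tab before `</div>`, and it states that no validation is done and that UUIDs of organizations that do not exist are a noop. A mistyped UUID would therefore have no effect and raise no error, so suggest a sentence after the table pointing CLI users to the `/api/v2/organizations` endpoint, already cited in the Dashboard steps, to check the IDs they map. Nit while this area is being touched: `</br>` in both table rows is not a valid tag; use `<br>` or `<br/>`.
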