Description
Organization sync automatically assigns users to an organization based on their IDP claims. At present it is configured only through server flags:
https://github.com/coder/coder/blob/main/codersdk/deployment.go#L1587-L1598
This should be runtime configurable, with a view in the global settings.
The page would look identical to the IDP sync pages that exist today.
```mermaid
flowchart LR
    G[OIDC Claims]
    subgraph D [Deployment]
        direction TB
        M[[CODER_OIDC_ORGANIZATION_FIELD]]
        GO[[CODER_OIDC_ORGANIZATION_MAPPING]]
        OM{{Organization Membership
        This decides what organizations
        the auth'd user is in.
        Claims are passed to the org.
        }}
        T[Settings to map OIDC user --> org member]
        style T fill:transparent,stroke:transparent
        T ~~~ M
        M --> GO
        GO --> OM
    end
    subgraph OS [Organizations]
        direction TB
        subgraph O1 [Organization #1 Settings]
            direction TB
            TO[Organization settings map claims
            to organization groups and roles.]
            style TO fill:transparent,stroke:transparent
            O1I{{OIDC Claims}}
            %% Groups
            OF[("Group filters")]
            OGM[("Group Link (mapping)")]
            OAC[("Group Auto Create")]
            O1G[Groups]
            %% Roles
            ORM[("Role Link (mapping)")]
            OR[Organization Roles]
            %% Arrows
            O1I --> ORM
            ORM --> OR
            O1I --> OF
            OF --> OGM
            OF --> OAC
            O1I ~~~ TO
            TO ~~~ OGM
            %% TO ~~~ OAC
            OGM --> O1G
            OAC --> O1G
        end
        subgraph O2 [Organization #2 Settings]
            ignore["... Repeat of above ..."]
        end
    end
    G --> D
    D --OIDC claims--> O1I
    D --OIDC claims--> O2
```
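How the two deployment settings combine to decide membership, as an added illustration that is not coder's own code: a settings record standing in for CODER_OIDC_ORGANIZATION_FIELD and CODER_OIDC_ORGANIZATION_MAPPING, held as a value a settings page could edit at runtime, and a resolver that turns a user's OIDC claims into organization names. The claim key, mapping entries and sample claims are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Illustrative settings type (not coder's): Field stands in for
// CODER_OIDC_ORGANIZATION_FIELD, Mapping for CODER_OIDC_ORGANIZATION_MAPPING.
type OrganizationSyncSettings struct {
	Field   string              // claim key, e.g. "groups"
	Mapping map[string][]string // claim value -> organization names
}

// ResolveOrganizations returns the sorted organizations a user belongs to for the
// given claims. An empty Field disables sync (nil result); claim values with no
// mapping entry grant nothing, so an unexpected claim cannot widen membership.
func ResolveOrganizations(s OrganizationSyncSettings, claims map[string]any) []string {
	if s.Field == "" {
		return nil
	}
	var values []string
	switch v := claims[s.Field].(type) {
	case string: // single-valued claim
		values = []string{v}
	case []any: // JSON array claim, as decoded from the ID token
		for _, item := range v {
			if str, ok := item.(string); ok {
				values = append(values, str)
			}
		}
	}
	seen := map[string]struct{}{} // dedupe: two claims may map to the same org
	for _, val := range values {
		for _, org := range s.Mapping[val] {
			seen[org] = struct{}{}
		}
	}
	orgs := make([]string, 0, len(seen))
	for org := range seen {
		orgs = append(orgs, org)
	}
	sort.Strings(orgs)
	return orgs
}

func main() {
	// Constructed settings and claims; "contractors" has no mapping entry.
	s := OrganizationSyncSettings{Field: "groups", Mapping: map[string][]string{"eng": {"platform", "default"}, "sec": {"security", "default"}}}
	fmt.Println(ResolveOrganizations(s, map[string]any{"groups": []any{"eng", "sec", "contractors"}}))
}
```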