Groups - Mapping of IDP groups to piplanning app teams

You can not manually manage the users of a team as soon as you have set a OIDC Group name. If you want to manually add / remove users of that team, you need to clear the OIDC Group name field first.

How to setup OIDC-Group to piplanning app Team mapping

You can automatically add / remove users from / to teams during the login flow of a user. The single source of trough in that case will be your IDP (Identity Provider).

  1. Make sure that your OIDC provider returns a group claim (you may need to change the scope for that in the OIDC configuration of the cockpit). For some of the IDPs we do have detailed guides in place in this howto.
    1. Allow Okta groups to be read by the piplanning app
  2. In the cockpit, navigate to Teams
  3. Select the team you want to map to a OIDC-group
  4. Open the tabĀ OpenID Connect Group
  5. Enter the Group name of your IDP In the OIDC Group name field

    Group names are case-sensitive

  6. Specify the piplanning app role which will be assigned to any user of that Team during login

    Roles are global. If a user is in more than one team (e.g. teamA and teamB) and the two teams have a different role mapped (teamA=>Member, teamB=>Observer) to them: The user will get the role with the highest privilege (=> Member)

  7. => As soon as someone logs in to the piplanning app, he will be added to this team

Support of Groups in Active Directory

The automatic group mapping is currently not supported for Microsoft Active Directory.

Explanation of teams and role mapping in an example