Groups - Mapping of IDP groups to piplanning app teams
You can not manually manage the users of a team as soon as you have set a OIDC Group name. If you want to manually add / remove users of that team, you need to clear the OIDC Group name field first.
How to setup OIDC-Group to piplanning app Team mapping
You can automatically add / remove users from / to teams during the login flow of a user. The single source of trough in that case will be your IDP (Identity Provider).
- Make sure that your OIDC provider returns a group claim (you may need to change the scope for that in the OIDC configuration of the cockpit). For some of the IDPs we do have detailed guides in place in this howto.
- In the cockpit, navigate to Teams
- Select the team you want to map to a OIDC-group
- Open the tabĀ OpenID Connect Group
Enter the Group name of your IDP In the OIDC Group name field
Group names are case-sensitive
Specify the piplanning app role which will be assigned to any user of that Team during login
Roles are global. If a user is in more than one team (e.g. teamA and teamB) and the two teams have a different role mapped (teamA=>Member, teamB=>Observer) to them: The user will get the role with the highest privilege (=> Member)
- => As soon as someone logs in to the piplanning app, he will be added to this team
Support of Groups in Active Directory
The automatic group mapping is currently not supported for Microsoft Active Directory.