Managing user groups using IdP
Learn how to enable user group management through your Identity Provider (IdP).
- For OIDC:
-
- efm.security.user.oidc.scopes
- efm.security.user.oidc.groupAttribute
For more information, see Configuration of OpenID Connect SSO.
- For SAML:
-
- efm.security.user.saml.groupAttribute
For more information, see Configuration of SAML 2.0 SSO.
Steps
efm.security.user.auth.groups.manager=EXTERNAL
efm.security.user.auth.groups.filter=.*
efm.security.user.auth.groups.manager
Indicates how user group management is handled: either internally or externally. When the value is set to EXTERNAL, user group management is handled by IdP. When the value is set to INTERNAL, EFM disregards any group information received from the IdP. The default value is INTERNAL.
efm.security.user.auth.groups.filter
Users might be assigned to multiple groups on the IdP side, but EFM may only need to consider a few of these groups. You can use a regular expression to define which groups should be registered in EFM. The regex allows you to specify a pattern, and only the groups that match the defined pattern will be registered in EFM.