Group memberships
- August Heltne
Group membership allow you to assign groups to users logging in through federated SSO. This can be done in multiple different ways.
Group parameters allow you to add the group memberships to users based on the information we receive during an SSO login. The parameters that are checked for group memberships are shown in the picture below.
Rules for group claims can be set to either manage groups or to create groups. If it is configured to manage a group, Kantega SSO will look for the group name in group claims. If the managed group is found, the user will be added to it in your Atlassian instance, and if the managed group is not found, then the user will be removed from that group if it was a member of it before.
Alternatively, group claims can be used to auto-create groups that are found in the group claims. This allows you to focus on managing groups inside your identity provider since Kantega SSO will create any group that does not exist within your Atlassian instance when a user has it within their group claims.
You can read more about group claims here: Group claims from Identity Provider
In addition to the more complex group management options shown above, you can also configure default groups that are added to all users authenticating with the identity provider. This is commonly used to add the license group in less complex environments.