Group memberships

Owned by August Heltne
Last updated: Nov 18, 2024 by Steinar Line
2 min read

Group membership allow you to assign groups to users logging in through federated SSO. This can be done in multiple different ways. For OIDC we offer to configure the names for the Groups parameter (see below), while for SAML this is a specified list of relevant names.

bilde-20241118-134116.png

 

Rules for group claims can be set to either manage groups or to create groups. If it is configured to manage a group, Kantega SSO will look for the group name in group claims. If the managed group is found, the user will be added to it in your Atlassian instance, and if the managed group is not found, then the user will be removed from that group if it was a member of it before.

bilde-20241118-141655.png

Alternatively, group claims can be used to auto-create groups that are found in the group claims. This allows you to focus on managing groups inside your identity provider since Kantega SSO will create any group that does not exist within your Atlassian instance when a user has it within their group claims.

You can read more about group claims here: Group claims from Identity Provider

In addition to the more complex group management options shown above, you can also configure assign groups that are added to all users authenticating with the identity provider. This is commonly used to add the license group in less complex environments.