Remove groups if not in mapping
Jeroen# 8 months, 2 weeks ago
For a Confluence installation (with the MiniOrange OAuth/OpenID Client for Confluence SSO), I’m looking for a way to remove the user from groups the moment a group is removed from the IDP. Is there any way to enforce the mapping and ensure the user is not a part of any other groups?
Thanks a lot in advance!

Shradha# 8 months, 2 weeks ago
Thank you for your patience on this.
The solution you are looking for can be achieved using the Group Mapping functionality provided in the plugin. You can map groups being sent from IdP against Confluence local groups. These mapped groups will get updated on user authentication (SSO).
Suppose user groups are removed from the IdP and the user is trying to authenticate: it will not be able to find the mapped groups in the IdP response, and as a result the user will get removed from the groups. This way we can manage the same set of user groups in Confluence.
Could you please let me know which OAuth/OpenID Provider you are using? Also, are you using any external user directory (AD/LDAP) for managing users and groups in Confluence?
If that’s the case, then we have an alternative solution too: syncing user details using User Directory.
Here you need to make sure the external user directory (AD/LDAP) has read/write or read with local group permission.
You can send more details to miniOrange support at firstname.lastname@example.org or we can set up a quick call to discuss your use-case and solution in detail.
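
Added example, not part of the thread and not the miniOrange plugin's code: a sketch of the login-time reconciliation described in the answer above, contrasting removal from mapped groups only with enforcing the mapping over every membership. The function, its `enforce_all` and `protected` parameters, and the sample mapping and group names are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class GroupDelta:
    add: frozenset      # local groups to add the user to
    remove: frozenset   # local groups to remove the user from


def reconcile_groups(idp_groups, current_groups, mapping,
                     enforce_all=False, protected=()):
    """Compute the membership changes to apply when a user signs in via SSO.

    idp_groups     -- group names present in the IdP response
    current_groups -- local groups the user belongs to right now
    mapping        -- IdP group name -> iterable of local group names
    enforce_all    -- hypothetical switch: also drop groups outside the mapping
    protected      -- hypothetical allow-list of local groups never removed
    """
    current = set(current_groups)
    # Local groups the user is entitled to according to this IdP response.
    entitled = set()
    for name in set(idp_groups):
        entitled |= set(mapping.get(name, ()))
    # Local groups that appear anywhere in the mapping ("managed" groups).
    managed = set().union(*mapping.values())
    # Without enforcement only managed groups can be revoked; locally
    # assigned groups outside the mapping survive the login.
    scope = current if enforce_all else current & managed
    remove = (scope - entitled) - set(protected)
    add = entitled - current
    return GroupDelta(frozenset(add), frozenset(remove))


# Constructed sample data (not taken from any real deployment).
MAPPING = {
    "idp-wiki-admins": {"confluence-administrators"},
    "idp-engineering": {"eng-space-editors"},
    "idp-staff": {"confluence-users"},
}
CURRENT = {"confluence-administrators", "eng-space-editors",
           "confluence-users", "local-project-x"}
# The admin group was removed at the IdP, so it is missing from the response.
IDP_RESPONSE = ["idp-engineering", "idp-staff"]

if __name__ == "__main__":
    print(reconcile_groups(IDP_RESPONSE, CURRENT, MAPPING))
    print(reconcile_groups(IDP_RESPONSE, CURRENT, MAPPING, enforce_all=True))
```

Because the delta is computed from the IdP response at sign-in, a membership revoked at the IdP stays in place locally until the user next authenticates.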