Remove groups if not in mapping

  • Jeroen
    # 2 years, 9 months ago

    Hi There,

    For a confluence installation (with the MiniOrange OAuth/OpenID Client for Confluence SSO), I’m looking for a way to remove the user from groups the moment a group is removed from the IDP. Is there any way to enforce the mapping and ensure the user is not a part of any other groups?

    Thanks a lot in advance!

    # 2 years, 9 months ago

    Hi Jeroen,

    Thank you for your patience on this.

    The solution you are looking for can be achieved using the Group Mapping functionality provided in the plugin. You can map groups being sent from IdP against Confluence local groups. These mapped groups will get updated on user authentication (SSO).

    Suppose user groups are removed from IdP and the user is trying to authentication, it will not able to find mapped groups in IdP response and in result user will get removed from groups. This way we can manage the same set of user groups in Confluence.

    Could you please let me know which OAuth/OpenID Provider are you using? Also, if you are using any external user directory(AD/LDAP) for managing users and groups in Confluence?

    If that’s the case then we have an alternative solution too. Syncing user details using User Directory.
    Here you need to make sure the external user directory(AD/LDAP) should have read/write or read with local group permission.

    You can send more details on miniOrange support at or we can set up a quick call to discuss your use-case and solution in detail.


Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.