feat: assign users to teams via OIDC claims #1393
|
|
@ -1,8 +1,10 @@
|
|||
# Assign teams via oidc
|
||||
|
viehlieb marked this conversation as resolved
Outdated
|
||||
This PR adds the functionality to assign users to teams via oidc.
|
||||
Adds the functionality to assign users to teams via oidc.
|
||||
|
viehlieb marked this conversation as resolved
Outdated
konrad
commented
Is this a note doc or a final document for end users (admins)? Is this a note doc or a final document for end users (admins)?
viehlieb
commented
it is supposed to be a final document for admins, with relevant information for admins. it is supposed to be a final document for admins, with relevant information for admins.
konrad
commented
Then please move it to Then please move it to `docs/content/doc/setup` and fix the comments, as stated [below](https://kolaente.dev/vikunja/api/pulls/1393#issuecomment-50339).
|
||||
Read carefully and brief your administrators to use this feature.
|
||||
You need to configure your oidc provider as explained in the documentation below to make this feature work.
|
||||
Tested with oidc provider authentik.
|
||||
To distinguish between teams created in vikunja and teams generated via oidc, an attribute for vikunja teams is introduced, which is called: *oidcID*
|
||||
To distinguish between teams created in vikunja and teams generated via oidc, a string attribute for vikunja teams is introduced, which is called: *oidcID*
|
||||
You should conigure your provider to send an oidcID to vikunja.
|
||||
|
viehlieb marked this conversation as resolved
Outdated
konrad
commented
Please replace the whole paragraph with something like this: Please replace the whole paragraph with something like this:
```
Vikunja is capable of automatically adding users to a team based on a group defined in the oidc provider. If used, Vikunja will sync teams, automatically create new ones and make sure the members are part of the configured teams. Teams which only exist because they are generated from oidc attributes are not configurable in Vikunja.
See below for setup instructions.
To distinguish between teams created in Vikunja and teams generated automatically via oidc, generated teams have an `oidcID` assigned internally.
```
|
||||
|
||||
|
viehlieb marked this conversation as resolved
Outdated
konrad
commented
Where is that attribute placed? In the provider or Vikunja? How is it relevant for admins? Where is that attribute placed? In the provider or Vikunja? How is it relevant for admins?
viehlieb
commented
At that location, it is just an information as to what is happening at all. At that location, it is just an information as to what is happening at all.
konrad
commented
Okay, we should just think of fixing it before merging the PR Okay, we should just think of fixing it before merging the PR
viehlieb
commented
What's your suggested change here? What's your suggested change here?
The Data from oidc needs to be in the form, that is described in openid.md
Therefore it is relevant for adminis, that operate authentik, keycloak, etc..
konrad
commented
Okay, so Admins from the external provider need to configure their provider to send an Okay, so Admins from the external provider need to configure their provider to send an `oidcID` to Vikunja? Because that's what I'm interpreting this sentence as but that's not what it says.
|
||||
## Setup
|
||||
|
viehlieb marked this conversation as resolved
Outdated
konrad
commented
Replace with Replace with
```
## Setup for authentik
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user
Is this document final?
Should this be a document intended for admins? Or only notes for this PR?
Well actually a note for admins that are interested in using this feature.
Then please place it in the
docs/content/doc/setupfolder. And I think it needs some refinement, will add some comments.