
Feature: Automate user assignment to groups

Open Amita22 opened this issue 1 year ago • 6 comments

🔖 Feature description

These are the logs of argocd-dex-server upon successful login:

[Dec 15 2023 10:23:39 GMT+0530] argocd-dex-server-fbf4679bc-whs6s: time="2023-12-15T04:53:39Z" level=info msg="login successful: connector \"oauth\", username=\"[email protected]\", preferred_username=\"[email protected]\", email=\"[email protected]\", groups=[\"GROUP1\" \"GROUP2\"]"

I want to automate the process of assigning the user to one of the groups mentioned under groups that exist in Devtron. If none of the groups exists in Devtron then assign the user to the default group.

🎤 Pitch / Usecases

In my use-case, we will have certain required groups created in Devtron with specific permissions. When a user logs in I want that user to be assigned to a specific group. For example:

I have a user [email protected]. When he logs in, the groups associated with this user are: groups=[\"GROUP1\" \"GROUP2\"], which are the IDP groups.

Following are the argo-cd logs:

[Dec 15 2023 10:23:39 GMT+0530] argocd-dex-server-fbf4679bc-whs6s: time="2023-12-15T04:53:39Z" level=info msg="login successful: connector \"oauth\", username=\"[email protected]", preferred_username=\"[email protected]\", email=\"[email protected]\", groups=[\"GROUP1\" \"GROUP2\"]"

Usecase1: The user should be mapped to all the groups coming from the IDP to the locally defined devtron groups.

Usecase2: If none of the groups exist in Devtron, then the user should be assigned to the default group.

🔄️ Alternative

No response

👀 Have you spent some time to check if this issue has been raised before?

  • [X] I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

AB#7935

Jan 08 '24 08:01 Amita22
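
The mapping requested in Usecase1 and Usecase2 above, sketched as an added example that is not part of the original issue and is not Devtron's code. `ResolveGroups`, its parameters and the `default-readonly` group name are hypothetical; the sketch assumes the groups come from the `groups` claim of an already verified OIDC token and that names are matched exactly.

```go
package main

import (
	"fmt"
	"sort"
)

// ResolveGroups is a hypothetical helper, not a Devtron API. idpGroups is
// assumed to be the groups claim of an already verified OIDC token, and
// localGroups the set of permission groups an admin created beforehand.
func ResolveGroups(idpGroups []string, localGroups map[string]bool, defaultGroup string) ([]string, bool) {
	seen := make(map[string]bool)
	var assigned []string
	for _, g := range idpGroups {
		// Exact, case-sensitive match only: an IdP group never creates a
		// local group and never maps onto a similarly named one.
		if g == "" || seen[g] || !localGroups[g] {
			continue
		}
		seen[g] = true
		assigned = append(assigned, g)
	}
	if len(assigned) > 0 { // Usecase1: every IdP group that exists locally
		sort.Strings(assigned)
		return assigned, false
	}
	if localGroups[defaultGroup] { // Usecase2: nothing matched
		return []string{defaultGroup}, true
	}
	return nil, false // default group is not defined: assign nothing
}

func main() {
	// Constructed sample data; "default-readonly" is an assumed group name.
	local := map[string]bool{"GROUP1": true, "ADMINS": true, "default-readonly": true}
	for _, claim := range [][]string{
		{"GROUP1", "GROUP2"}, // groups from the log line in the issue
		{"group1", "GROUP3"}, // no exact match
	} {
		groups, usedDefault := ResolveGroups(claim, local, "default-readonly")
		fmt.Printf("claim=%v assigned=%v default=%v\n", claim, groups, usedDefault)
	}
}
```

Since the default group is granted to any user the IdP authenticates, it should carry the least privilege of all local groups.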

@Amita22 Can you please verify if this issue is a duplicate of https://github.com/devtron-labs/devtron/issues/3287, so that we can close either of these?

Jan 08 '24 13:01 prakarsh-dt

Usecase3 is pointing to the self-registration feature, which is a duplicate of #3287. But usecase1 and usecase2 are not covered in #3287.

Jan 09 '24 14:01 Amita22

@prakarsh-dt any updates on this?

Jan 16 '24 12:01 Amita22

@Amita22 Is this something you're looking for? https://docs.devtron.ai/global-configurations/authorization/sso-login/ldap#auto-assign-permissions

Jan 18 '24 14:01 abhibhaw

@abhibhaw Yes, we want something similar but for OIDC.

Jan 18 '24 15:01 Amita22

We're planning to incorporate OIDC support in the near future. This feature is part of our enterprise offering. Existing enterprise customers can initiate a request through their Point of Contact (POC) to have OIDC support prioritized. If you're not yet an enterprise customer, you can find more information at: https://devtron.ai/pricing

Jan 18 '24 18:01 abhibhaw