App group lifecycle plugin
Summary of Changes
This PR introduces a new type of Access plugin called an "app group lifecycle plugin." Such plugins support managing downstream applications based on Access app group existence and membership. This facilitates a light SCIM implementation where downstream apps' support for Okta SCIM is lacking.
Our team has already envisioned three use cases for such a plugin:
- Google Group Sync: When groups are added to specific Access apps, automatically create corresponding Google Groups via Google’s API and link them via Okta’s group push feature and API.
- GitHub Team Sync: When groups are added to specific Access apps, automatically create corresponding GitHub teams via the GitHub API and link them via GitHub’s team synchronization feature and API.
- Discord Role Sync: Sync membership of groups for specific Access apps to linked Discord roles, via Discord’s public API.
UI Screenshots
- Create app
- Update app
- Create app group
- View app
- Update app group
- View app group
Reviewing
There's a lot of code here (thanks, Claude!), so I strongly recommend going commit-by-commit for logically-grouped changes. This is also a substantial enough feature that I'd encourage reviewers to try it themselves in local dev.
Testing
Unit Tests
All of the plugin spec's public functions have unit tests. Run them via:
tox -e test -- tests/test_app_group_lifecycle_plugin.py
E2E Testing
I've installed the example plugin and run the app locally to play around with the UX pretty extensively.
- To see the specific tasks where the Asana app for GitHub is being used, see below:
- https://app.asana.com/0/0/1211736777101851