
Make Autoprovisioning work in multi-tenancy setups

Open rhafer opened this issue 3 months ago • 1 comments

  • the Tenant-id comes in as a claim via OIDC, a user needs to be autoprovisioned for the correct tenant.
  • a unique identifier from the original identity management system comes in via an additional claim (NOT the subject/issuer claim), we need to keep track of this claim in our user management in order to be able to later deprovision (or disable) users based on this ID. This external id should NOT be used as our primary userid internally.

Challenges:

  • Currently we use the graph API internally to auto-provision the users. The graph-API does not really have a multi-tenancy concept for users. We need to find a solution here.
  • We need a way to look up a user by some external ID.

Sep 04 '25 07:09 rhafer
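A sketch of the two requirements in the issue above (provision into the tenant named by a claim; keep the external ID as a lookup key rather than as the internal user ID), added here as an example; it is not from the issue or from OpenCloud's code. The `Claims` fields, the `Directory` store and the sample values are hypothetical, and the claims are assumed to come from an already verified ID token.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// Claims come from an already verified ID token; field names are assumptions.
type Claims struct{ TenantID, ExternalID string }

// User.ID is a random internal ID; ExternalID is stored only for lookups.
type User struct {
	ID, TenantID, ExternalID string
	Disabled                 bool
}

// Directory is a hypothetical user store keyed by (tenant, external ID).
type Directory map[[2]string]*User

// Provision returns the tenant's user for the external ID, creating it once.
func (d Directory) Provision(c Claims) (*User, error) {
	if c.TenantID == "" || c.ExternalID == "" {
		return nil, fmt.Errorf("tenant and external ID claims are required")
	}
	key := [2]string{c.TenantID, c.ExternalID}
	if u, ok := d[key]; ok {
		if u.Disabled {
			return nil, fmt.Errorf("user is disabled")
		}
		return u, nil
	}
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return nil, err
	}
	d[key] = &User{fmt.Sprintf("%x", id), c.TenantID, c.ExternalID, false}
	return d[key], nil
}

// Disable deprovisions by external ID, scoped to a single tenant.
func (d Directory) Disable(tenant, externalID string) bool {
	u, ok := d[[2]string{tenant, externalID}]
	if ok {
		u.Disabled = true
	}
	return ok
}

func main() { fmt.Println(Directory{}.Provision(Claims{"tenant-a", "emp-1001"})) } // constructed values
```

Keying the lookup on the tenant as well as the external ID means the same external ID in two tenants maps to two users, and a disabled user is not silently reactivated by the next login.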

See #1548 for a different approach

Sep 30 '25 09:09 micbar