omni icon indicating copy to clipboard operation
omni copied to clipboard
verified publisher icon siderolabs

[feature] Allow SAMLLabelRule to handle updating roles

Open alongwill opened this issue 8 months ago • 0 comments

Problem Description

SAMLLabelRules do not currently support changing the user's role in the identity provider (e.g. Active Directory).

https://omni.siderolabs.com/how-to-guides/using-saml-with-omni/auto-assign-roles-to-saml-users

This role assignment will only work for the new users logging in with SAML.

If the user's role in the identity provider is changed, then the user has to be deleted from Omni and recreated in order to pick up the correct role.

Solution

Can this functionality be updated to handle changes to a user's role in the identity provider? i.e. so the user does not have to be deleted and recreated.

Alternative Solutions

No response

Notes

This was raised by a customer. (Ref 502)

alongwill avatar May 12 '25 17:05 alongwill