In some applications users need to be authorized based on group membership reflected in the identity provider (e.g., Active Directory). One use case for this is when a company sells many seats of a product to a customer, and the customer wishes to control access by assigning users to groups.
From The Usher's perspective, user-to-group mappings are managed by the identity server, but The Usher will handle the mapping of groups to roles (and permissions).
Requirements
Implement the database migration to add groups and their mapping to roles.
Implement the database layer code for groups.
Add configuration for which claim in the IdP token will contain the groups information (e.g., groups).
Based on the groups claim, The Usher's tokens should grant any additional requested scopes that the groups allow.
Questions
What formatting will we need to enforce on the groups claim; can it be a space-separated string?
Is there a use case for groups to ever block access to a role?
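The scope resolution described in the requirements, as an added example that is not part of the original issue or The Usher's code base: it accepts the groups claim as an array or a space-separated string and grants only the requested scopes that the groups allow. The group, role and permission names, the `GROUPS_CLAIM` setting and all function names are hypothetical, and permissions are assumed to be used directly as scope values.

```javascript
'use strict'

// Hypothetical configuration: name of the IdP token claim that carries groups.
const GROUPS_CLAIM = 'groups'

// Constructed sample data standing in for the groups -> roles -> permissions tables.
const GROUP_ROLES = new Map([
  ['acme-analysts', ['report-viewer']],
  ['acme-admins', ['report-viewer', 'report-admin']]
])
const ROLE_PERMISSIONS = new Map([
  ['report-viewer', ['reports:read']],
  ['report-admin', ['reports:write', 'reports:delete']]
])

// Accept either a JSON array or a space-separated string. A space-separated
// string cannot represent group names that contain spaces (common in Active
// Directory), so the array form is the safer contract.
function parseGroupsClaim (idpClaims, claimName = GROUPS_CLAIM) {
  const raw = idpClaims[claimName]
  let groups
  if (Array.isArray(raw)) groups = raw
  else if (typeof raw === 'string') groups = raw.split(/\s+/)
  else return [] // missing or malformed claim grants nothing (fail closed)
  return [...new Set(groups.filter(g => typeof g === 'string' && g.length > 0))]
}

// Permissions reachable from the groups; unknown groups and roles are ignored.
// Map lookups keep claim values such as "__proto__" from matching anything.
function permissionsForGroups (groups) {
  const allowed = new Set()
  for (const group of groups) {
    for (const role of GROUP_ROLES.get(group) ?? []) {
      for (const perm of ROLE_PERMISSIONS.get(role) ?? []) allowed.add(perm)
    }
  }
  return allowed
}

// Grant only scopes that were requested AND are allowed by the groups, on
// top of scopes the user already holds through direct role assignments.
function grantScopes (requestedScope, idpClaims, directScopes = []) {
  const requested = requestedScope.split(/\s+/).filter(Boolean)
  const allowed = permissionsForGroups(parseGroupsClaim(idpClaims))
  for (const s of directScopes) allowed.add(s)
  return requested.filter(s => allowed.has(s)).join(' ')
}
```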