3rd-party-integrations / github-team-sync

Sync GitHub teams to groups in Active Directory, LDAP, Okta, OneLogin or AzureAD when using any authentication method for GitHub.
MIT License

Implement Feature to also Setup the corresponding IDP Group #152

Open StevDa86 opened 1 year ago

StevDa86 commented 1 year ago

It would be great if, after creating the teams, you could also store the appropriate IDP group in the team. Here you could work e.g. with a regex or a filter.

AD Group name: AAD-Test1-Dev-Admins

GH Teams Name: Test1-Dev-Admins

IDP group name: AAD-Test1-Dev-Admins

If an IDP group is set, no user object from the AD must be stored.

primetheus commented 10 months ago

@StevDa86 thanks for opening this up! I'm not entirely sure I understand the ask in this one... as I understand it, AD Group Name is the IdP Group Name. In your example, the GitHub team is missing the AAD, but the AD group contains it. In this case, what would be the desired behavior?

StevDa86 commented 10 months ago

I fixed this with an internal Python script. The IDP groups are already filtered by the AAD integration (Enterprise App). I just check if there is an IDP group where no GitHub Team exists, and then I create this team, including mapping this team to the corresponding IDP group.

That was my intention for your app.

primetheus commented 10 months ago

Ah, OK! That makes sense. I think it still makes sense to do something like this in the app, so I'll pull this one into development.

sequenceDiagram
    autonumber
    participant GitHub
    participant team-sync
    participant IdP
    team-sync->>team-sync: process mapping
    team-sync->>GitHub: request team members
    team-sync->>IdP: request group members
    IdP->>team-sync: return group members
    team-sync->>team-sync: compare members
    team-sync-->>GitHub: create team if not exists
    team-sync->>GitHub: update team members
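
The reconciliation step discussed in this thread (find IdP groups that have no GitHub team, derive the team name, record the team-to-group mapping), sketched as an added example that is not code from the thread or from github-team-sync. The `AAD-` allowlist pattern, the function name `plan_team_creation`, the case-insensitive name comparison and the sample lists are assumptions; the function only builds a plan and makes no API calls.

```python
import re

# Assumption: only IdP groups matching this anchored pattern may become teams;
# the captured part is the team name (the "AAD-" prefix example from the issue).
GROUP_PATTERN = re.compile(r"^AAD-(?P<team>[A-Za-z0-9][A-Za-z0-9-]*)$")


def plan_team_creation(idp_groups, existing_teams, pattern=GROUP_PATTERN):
    """Return (to_create, skipped, conflicts) without calling any API.

    to_create: {team_name: idp_group} for allowed groups that have no team yet
    skipped:   groups that fail the allowlist pattern (never provisioned)
    conflicts: {team_name: [groups]} where several groups map to one team
    """
    # Assumption: team names are compared case-insensitively.
    existing = {name.casefold() for name in existing_teams}
    candidates = {}  # casefolded team name -> list of (team, group)
    skipped = []
    for group in sorted(set(idp_groups)):
        match = pattern.fullmatch(group)
        if match is None:
            skipped.append(group)
            continue
        team = match.group("team")
        candidates.setdefault(team.casefold(), []).append((team, group))

    to_create, conflicts = {}, {}
    for key, pairs in candidates.items():
        if len(pairs) > 1:
            # Ambiguous mapping: refuse to guess which group owns the team.
            conflicts[pairs[0][0]] = [group for _, group in pairs]
        elif key not in existing:
            team, group = pairs[0]
            to_create[team] = group
    return to_create, skipped, conflicts


if __name__ == "__main__":
    # Constructed sample data; only the first group name comes from the issue.
    groups = ["AAD-Test1-Dev-Admins", "AAD-Test2-Dev-Admins",
              "AAD-test3-ops", "AAD-Test3-Ops", "Domain Admins"]
    teams = ["test1-dev-admins"]
    create, skipped, conflicts = plan_team_creation(groups, teams)
    print("create:", create)
    print("skipped:", skipped)
    print("conflicts:", conflicts)
```

Groups outside the pattern and colliding names are reported rather than provisioned, so a privileged directory group cannot silently become a GitHub team through the auto-create path.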