This commit add the possibility for Odoo administrator to specify a list of trusted "domains" per SAML providers.
When a user tries to authenticate to Odoo using SAML, coming from such domain & providers, its Odoo res.users account is automatically created (copied from base.default_user) instead of showing him/her 'Permission denied' or 'No access granted to this database'.
*domain refers to the suffix or login used for SAML authentication, like : henry.bernard@domain.com, like from Google, Microsoft, ...
Thus, it removes for Odoo administrators who choose SAML authentication the tasks to pre-create all users manually or through SCIM connectors.
However, it does not remove the need to tailor users access rights after the 1st login of the user.
This commit add the possibility for Odoo administrator to specify a list of trusted "domains" per SAML providers. When a user tries to authenticate to Odoo using SAML, coming from such domain & providers, its Odoo res.users account is automatically created (copied from base.default_user) instead of showing him/her 'Permission denied' or 'No access granted to this database'. *domain refers to the suffix or login used for SAML authentication, like : henry.bernard@domain.com, like from Google, Microsoft, ...
Thus, it removes for Odoo administrators who choose SAML authentication the tasks to pre-create all users manually or through SCIM connectors. However, it does not remove the need to tailor users access rights after the 1st login of the user.