aiven / terraform-provider-aiven

Aiven Terraform Provider
https://registry.terraform.io/providers/aiven/aiven/latest/docs
MIT License

List org/group users #1749

Open plejon opened 4 weeks ago

plejon commented 4 weeks ago

What is currently missing?

List group members. https://api.aiven.io/doc/#tag/Groups/operation/UserGroupMemberList

List organization users https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserList

When a user logs in via IDP, I can specify to put users in a group, or the team option. Let's say the group name is IDP-USERS.

With Terraform I would like to list members of IDP-USERS, and match if a user is in an Azure AD admin group. If they are, I would put this user in an Aiven group that has admin privileges on specific projects.

I have now solved this with two IDP setups. However, this is not ideal since it will require the users to pick from a list of URLs for account registration.

How could this be improved?

Enable listing users and putting them in groups based on permissions.

Is this a feature you would work on yourself?

no

rsalevsky commented 2 days ago

I'm not sure if I fully understand the problem you are solving. There is a resource https://registry.terraform.io/providers/aiven/aiven/latest/docs/resources/organization_group_project which allows you to add a group to a project with a specific role.

plejon commented 2 days ago

Sorry for the late response. I solved this by manually adding SSO users to Aiven Org groups via cronjob. If a user creates an account, within 1h the user will be added to a group that has any of read/developer/operator permissions on all projects. The target Aiven Org group is decided by IAM on my end.
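
The hourly sync described in the last comment comes down to a membership diff. The following is an added example, not part of the thread or the provider's code: a dry-run planner that maps IAM groups to one Aiven org group per user and, going beyond the comment, also reports stale memberships to remove. All group names, addresses and the IAM-to-Aiven mapping are constructed assumptions, and fetching the lists from the Aiven and IdP APIs is left out.

```python
# Added example: every group name, address and mapping here is constructed.
# Role ranking follows the three permissions named in the thread.
ROLE_RANK = {"read": 0, "developer": 1, "operator": 2}

# Hypothetical mapping: IAM group -> (Aiven org group, role that group holds).
IDP_TO_AIVEN = {
    "iam-aiven-read": ("aiven-read", "read"),
    "iam-aiven-dev": ("aiven-developer", "developer"),
    "iam-aiven-ops": ("aiven-operator", "operator"),
}

def target_group(idp_groups):
    """Return the single Aiven group for a user, or None if no IAM group maps."""
    mapped = [IDP_TO_AIVEN[g] for g in idp_groups if g in IDP_TO_AIVEN]
    if not mapped:
        return None  # default deny: unmapped users get no project access
    return max(mapped, key=lambda m: ROLE_RANK[m[1]])[0]

def plan(org_users, iam_membership, current):
    """Diff desired vs. current membership.

    Returns (adds, removes), each a sorted list of (aiven_group, user).
    Only groups named in IDP_TO_AIVEN are managed; others are left alone.
    """
    desired = set()
    for user in org_users:  # only users who already have an Aiven account
        group = target_group(iam_membership.get(user, ()))
        if group:
            desired.add((group, user))
    managed = {g for g, _ in IDP_TO_AIVEN.values()}
    existing = {(g, u) for g, members in current.items()
                if g in managed for u in members}
    return sorted(desired - existing), sorted(existing - desired)

# Constructed sample input.
ORG_USERS = ["alice@example.com", "bob@example.com", "carol@example.com"]
IAM = {
    "alice@example.com": ["iam-aiven-read", "iam-aiven-ops"],
    "bob@example.com": ["iam-aiven-dev"],
    "dave@example.com": ["iam-aiven-ops"],  # no Aiven account yet: skipped
}
CURRENT = {
    "aiven-read": ["alice@example.com", "erin@example.com"],
    "aiven-developer": ["bob@example.com"],
    "break-glass": ["root@example.com"],  # unmanaged group, never touched
}

if __name__ == "__main__":
    adds, removes = plan(ORG_USERS, IAM, CURRENT)
    print("add:", adds)
    print("remove:", removes)
```

Running the plan as a dry run first and logging both lists gives an audit trail of every privilege change the job makes.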