Open Keyinator opened 1 year ago
This would allow to create flows which would allow users to manage their own groups. That would be very useful!
👍 for this issue. The usecase we have is using an external IDP (Okta in our case) which returns a list of groups on login. We need to ensure that groups in Authentik match what's returned from the IDP. We have this configured for first-login (enrollment), but we need to update user info every login
Afaik this is possible with the User
model. In an expression policy you should be able to get it and update the user accordingly.
Describe the solution you'd like Allow expression policies to add and remove the current user from groups.
Describe alternatives you've considered None available to my knowledge.
Additional context Currently you can add a new users to groups using dynamic groups (https://goauthentik.io/docs/flow/stages/user_write#dynamic-groups). Sadly there's two missing features: