SCIM Group Filtering

[sloanja]

Is your feature request related to a problem? Please describe. I am using Authentik to provision users and groups into a Netskope lab environment with required property mappings. While I can control which users are provisioned, it also sends over ALL groups associated to those users which flood the Netskope tenant with unnecessary groups unrelated to Netskope and other SCIM targets.

Describe the solution you'd like I would like to see a section for the SCIM provider configuration called Group Filtering placed below User Filtering and above Attribute mapping. This would allow an administrator to specify specific groups that would be provisioned. It could be similiar to AzureAD SCIM or Okta's group rules.

Describe alternatives you've considered Limiting the groups imported into Authentik via the AD sync, but that would limit the instance of Authentik to only handling Netskope SCIM, decreasing the value for Authentik.

Additional context None to remark.

[marcportabellaclotet-mt]

I would like authentik to be able to filter scim groups and users. Meanwhile, I found an "ugly" workaround which works with AWS Identity Center:

• Update the groups scim mapping like:

  allowed_groups = ["Admins", "Admins2","www"]
  if group.name in allowed_groups:
  return {
  "displayName": group.name,
  }
  else:
  return {
  "displayName": " ",
  }

  Similar mapping works for users