Closed mefellows closed 1 year ago
Given the aims of #62 and drawbacks of mapping on SAML login (namely, users will still need to be manually removed, API tokens and logged in users will have permissions from their last login state), we are currently considering the value of this feature.
We are currently planning the work for #62, due for delivery in Q3 or early Q4, which would enable customers to map SAML users to appropriate roles and groups via an industry standard API. The SCIM standard also has numerous additional benefits for compliance, such as automatically offboarding employees when they are removed from your AD, updating entitlements when they change in the source system (rather than on next authentication) etc.
Regarding the narrower SAML Group Mapping feature, we are not currently looking to implement this as it will be superceded by SCIM capability. Closing.
Map incoming SAML assertions to team and role memberships.
The common scenario is to have users mapped to AD groups, and have the SAML2.0 connector populate the SAML assertion with group membership information, that can be mapped to Pactflow Roles and Teams.
This feature should be supported in both Cloud and on-premises editions.
See also #62.