mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

clarify okta claim configuration requirement (#16142)

Browse Source
This commit is contained in:
Peter Childs
2024-06-20 00:57:10 +09:30
committed by GitHub
parent cce0a587f4
commit e48897c881
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/Extensions/OAuth-SAML.md
View File

@@ -298,6 +298,11 @@ Socialite can specifiy scopes that should be included with in the authentication
For example, if Okta is configured to expose group information it is possible to use these group For example, if Okta is configured to expose group information it is possible to use these group
names to configure User Roles. names to configure User Roles.
This requires configuration in Okta. You can set the 'Groups claim type' to 'Filter' and supply
a regex of which groups should be returned which can be mapped below.
![socialite-okta-1](/img/socialite-okta-4.png)
First enable sending the 'groups' claim (along with the normal openid, profile, and email claims). First enable sending the 'groups' claim (along with the normal openid, profile, and email claims).
Be aware that the scope name must match the claim name. For identity providers where the scope does Be aware that the scope name must match the claim name. For identity providers where the scope does
not match (e.g. Keycloak: roles -> groups) you need to configure a custom scope. not match (e.g. Keycloak: roles -> groups) you need to configure a custom scope.

BIN
doc/img/socialite-okta-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB