When a user logs in using Google SSO he is associated with an org. I want users logged in using Google SSO to be associated with org + custom groups, is there a way to do this?
It will need to be either organizations or groups. The groups mode can be used for more complex cases where multiple groups are needed. To do this, delete all the organizations and create one organization. Set this organization as the default single sign-on organization in the top right settings, then attach the organization to all servers. Then run the commands below. In each of the server settings add the groups that will be able to access that server. This can result in larger usage of IP address pools. Every user that is attached to a server will have a static IP assigned even if a group is not matched. The server virtual network subnet size should allow for this. For SAML the attribute groups is used to set a comma separated list of groups.
sudo pritunl set app.sso_azure_mode '"groups"'
sudo pritunl set app.sso_authzero_mode '"groups"'
sudo pritunl set app.sso_google_mode '"groups"'
Let's say my group is named demo. This is a manually created string entered under Groups in Server Settings [it's not a Google group]. I want all the SSO users to be given default access to demo. That is, if I click on Modify user for an SSO user, there I should see demo under Groups. Could you elaborate on your solution based on this test case?
There is no option to set default groups for users. Once a server has groups configured every user must have at least one matching group.
Can we have this feature? Reason: we are using the enterprise edition of Pritunl and are trying to solve a problem where any SSO user should get default access to a server using groups (groups because we have another set of non-SSO users configured to servers using groups).
It should be possible to do it with a plugin. There is more information in the plugin documentation.
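def sso_authenticate(sso_type, host_id, host_name, user_name, user_email,
        remote_ip, sso_org_names, sso_group_names, **kwargs):
    # Allow the login, place the user in 'default_org' and prepend
    # 'default_group' to whatever groups the SSO provider supplied.
    return True, 'default_org', ['default_group'] + (sso_group_names or [])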
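A narrower variant of the plugin hook above, as an added example that is not part of the original thread or of Pritunl's own code: it grants the default group only to Google SSO logins from an allowed e-mail domain and de-duplicates the group list, so the default does not widen access for every SSO user. The domain `example.com`, the group name `demo` (taken from the question), and the assumption that `sso_type` begins with `google` for Google logins are illustrative and should be checked against your deployment.

```python
# Added example: scoped default group for SSO users (not Pritunl's own code).
DEFAULT_ORG = 'default_org'        # org name used in the thread's snippet
DEFAULT_GROUP = 'demo'             # group name from the question
ALLOWED_DOMAINS = {'example.com'}  # assumption: placeholder domain
GOOGLE_PREFIX = 'google'           # assumption: sso_type prefix for Google SSO


def email_domain(user_email):
    """Return the lower-cased domain, or None if the address is malformed."""
    if not user_email or user_email.count('@') != 1:
        return None
    local, domain = user_email.split('@')
    if not local or not domain:
        return None
    return domain.lower()


def sso_authenticate(sso_type, host_id, host_name, user_name, user_email,
        remote_ip, sso_org_names, sso_group_names, **kwargs):
    # Keep the groups supplied by the SSO provider, dropping blanks and repeats.
    groups = []
    for name in (sso_group_names or []):
        if name and name not in groups:
            groups.append(name)

    # Add the default group only for Google logins from an allowed domain.
    is_google = (sso_type or '').startswith(GOOGLE_PREFIX)
    if is_google and email_domain(user_email) in ALLOWED_DOMAINS:
        if DEFAULT_GROUP not in groups:
            groups.insert(0, DEFAULT_GROUP)

    # Same return shape as the snippet above: (allow, org name, groups).
    return True, DEFAULT_ORG, groups
```

Users who do not receive the default group keep only their SSO-provided groups, so on a server with groups configured they still need at least one matching group to connect.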