Hello Team,
What is the role of SAML group attribute? Does it check if user belongs to the right AD group and if yes, then enables logins?
I see this description but I’m not much clear with it : Users are associated to the default group only if no attribute is defined.
Hi,
Sorry for the delay in replying to you.
The group attribute relates to “Group Mapping” definition found in https://docs.sonarqube.org/latest/instance-administration/delegated-auth/ :
When using group mapping, the following caveats apply regardless of which delegated authentication method is used:
- membership in synchronized groups will override any membership locally configured in SonarQube at each login
- membership in a group is synched only if a group with the same name exists in SonarQube
- membership in the default group
sonar-usersremains (this is a built-in group) even if the group does not exist in the identity provider
I hope it helps!
Regards,
Julien Lancelot