Allow `autoMapOrg` to work when the user has multiple org memberships
We currently rely on the `org_name` claim to auto-map the user's org to a Magda org.
When a user has multiple org memberships, the Idp should show an org selection screen after the correct credential is supplied by the user, and the user is required to select one org to complete the sign-in process.
In this case, the `org_name` claim of the user's ID token would be the name of the org that the user selects during the sign-in process.
For this OIDC auth plugin, we have two options to handle this situation:
Option 1: Update the `orgUnitId` field of the relevant Magda user record on every sign-in by the user.
We will only need to maintain one Magda user record, with `orgUnitId` changing depending on the user's selection.
Magda doesn't store all information of the user. e.g. we only know the user is associated with org at any point in time.
Option 2: Map the user's multiple org memberships to multiple Magda user records.
When the user selects a different org, he actually signs into a different Magda account.
We actually maintain multiple Magda user records for one Idp user. But Magda does store all information of the user.
Option 2 might be the preferred solution as it allows Magda to generate a full picture of the user without querying the Idp.
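The two options differ only in the key used to find the Magda user record at sign-in. The sketch below is an added example, not code from the plugin or from Magda: the in-memory `Map` stores, the `ou-*` ids, the issuer URL and all function names are hypothetical, and the claims are assumed to come from an ID token the OIDC library has already verified.

```javascript
// Constructed org-name -> Magda orgUnitId table (hypothetical ids).
const ORG_UNITS = new Map([["Finance", "ou-finance"], ["Health", "ou-health"]]);

// Assumption: an org_name with no matching Magda org maps to null rather than failing sign-in.
function orgUnitIdFor(claims) {
  const name = claims.org_name;
  return typeof name === "string" && ORG_UNITS.has(name) ? ORG_UNITS.get(name) : null;
}

// Find or create the record for keyParts, then set orgUnitId from this sign-in.
// JSON.stringify of an array gives an unambiguous key: no delimiter can be
// smuggled in through a claim value to collide with another user's key.
function upsert(store, keyParts, claims) {
  const key = JSON.stringify(keyParts);
  let user = store.get(key);
  if (!user) {
    user = { id: `user-${store.size + 1}`, iss: claims.iss, sub: claims.sub, orgUnitId: null };
    store.set(key, user);
  }
  user.orgUnitId = orgUnitIdFor(claims);
  return user;
}

// Option 1: one record per IdP user; orgUnitId is overwritten on every sign-in.
function signInOption1(store, claims) {
  return upsert(store, [claims.iss, claims.sub], claims);
}

// Option 2: one record per (IdP user, selected org); each org is a separate Magda account.
function signInOption2(store, claims) {
  return upsert(store, [claims.iss, claims.sub, claims.org_name ?? null], claims);
}

// Same IdP user signs in choosing Finance, then Health, then Finance again (constructed claims).
function demo() {
  const base = { iss: "https://idp.example", sub: "abc123" };
  const picks = ["Finance", "Health", "Finance"].map((org_name) => ({ ...base, org_name }));
  const s1 = new Map();
  const s2 = new Map();
  const ids1 = picks.map((c) => signInOption1(s1, c).id);
  const ids2 = picks.map((c) => signInOption2(s2, c).id);
  return {
    option1: { records: s1.size, ids: ids1, orgUnitId: [...s1.values()][0].orgUnitId },
    option2: { records: s2.size, ids: ids2, orgUnitIds: [...s2.values()].map((u) => u.orgUnitId) },
  };
}
```

Under Option 1 any permissions or audit trail attached to the single record follow whichever org was selected last; under Option 2 they stay separated per org.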