| description |
|---|
The list of supported auth providers for RBAC |
Any OAuth provider not on the list of all providers below this one.
Set up the auth itself first, docs here and here. Don't forget "custom-params.type: oauth".
subjects:
- provider: oauth
type: role
value: "role-name"
- provider: oauth
type: user
value: "zoidberg"Set up google auth first
- provider: oauth_google
type: domain
value: "memelord.lol"
- provider: oauth_google
type: user
value: "kek@memelord.lol"Set up github auth first
- provider: oauth_github
type: organization
value: "kafbat"
- provider: oauth_github
type: user
value: "memelord"
- provider: oauth_github
type: team
value: "kafbat/backend"Set up cognito auth first
- provider: oauth_cognito
type: user
value: "zoidberg"
- provider: oauth_cognito
type: group
value: "memelords"Set up LDAP auth first
- provider: ldap
type: group
value: "admin_staff"Not yet supported, see Issue 3741
- provider: ldap_ad # NOT YET SUPPORTED, SEE ISSUE 3741
type: group
value: "admin_staff"You can map Okta Groups to roles. First, confirm that your okta administrator has included the group claim or the groups will not be passed in the auth token.
Ensure roles-field in the auth config is set to groups and that groups is included in the scope, see here for more details.
Configure the role mapping to the okta group via generic provider mentioned above:
subjects:
- provider: oauth
type: role
value: "<okta-group-name>"You can map GoAuthentic Groups to roles. First, confirm that your GoAuthentic administrator has included the profile claim or the groups will not be passed in the auth token.
Ensure roles-field in the auth config is set to groups and that profile is included in the scope, as groups are passed by default in the profile scope. See here for more details.
Configure the role mapping to the GoAuthentic group via generic provider mentioned above:
subjects:
- provider: oauth
type: role
value: "<goauthentic-group-name>"