Add mapping capabilities for identity providers
complete
Matar Peles
Today we have a small, static and strict schema that we bring in about users and teams when integrating with an identity provider (user names, mails, team names).
The idea here is to have the whole payload coming from the SSO provider (the schema should be known based on the SSO protocol)
and for Port builders to be able to decide what they want to map to the user and team blueprints.
Dylan Rabdau
Huge fan of the product, everyone, but this is very disappointing. Why can we not just have real SCIM? Everyone is trying to move away from Okta API tokens, it grants you all way too much access to information you don’t need. Webhooks are also just such a bad way to do this since you’re again getting tons of information you don’t need. Not everyone in our Okta uses Port. Why is SCIM so hard? It was originally marked as complete here (https://roadmap.port.io/ideas/p/scim-support-for-external-identity-providers-users) but is completely nonfunctional in its current state. I don’t want to make this comment feel like a rant, but this product is supposed to be an Enterprise Engineering tool to make teams scale, yet we can’t even have one of the most basic Enterprise features to allow that to happen.
Aaron Taylor
Dylan Rabdau, you're absolutely right. We are currently working on real SCIM. You should hear an update about this soon.
Maya Margalit
marked this post as complete
Entra ID and Okta integrations are now available in Port! They include users' enriched data, teams' data and more.
Mike Lekar
Role/Permission Mapping with security groups that are asserted during the callback with SAML.
SCIM Integration is also another option to map secGroups with roles.
Matan Grady
This is now available for some use cases using our new S3 & Airbyte for integration - https://roadmap.port.io/ideas/p/add-mapping-capabilities-for-identity-providers
I'm sharing Airbyte docs for Okta as an example - https://docs.airbyte.com/integrations/sources/okta
In short, you can use Airbyte along with a dedicated S3 on our end to map data from Okta to Port. Airbyte is open source and free for use when self-hosted.
Let us know if anyone wants to try it out!
Matan Grady
Travis Gosselin, Etienne Jacquot, Hadar Basson, can you please share a bit more on what type of data you would use this capability to bring into Port?
We are looking to learn more about the use case, the type of data, and the objects associated.
Etienne Jacquot
Matan Grady, the goal is to get additional information for our users coming from our Identity Provider. As an example, we are using a UUID as a unique identifier for each of our users. In our systems, it is this UUID that is identifying the users. It helps us to keep the personal information in a secured place and the systems only refer to this UUID.
I would like to be able to add (map) this information in the User blueprint based on the SAML or OIDC information sent in the token.
It can also help with data such as "is manager", get the information about hierarchy, team management, ...
Travis Gosselin
Matan Grady, our use cases focus around the import of the teams, to include additional metadata around extending the Team model in Port. For example, including additional attributes from the identity provider around the team name, description, manager, and some other custom properties that we would use to map team inheritance to other blueprints.
Shlomi Benita
This is super helpful for the GitHub use cases where you have a different ID than email.