feat: add group mapping option for group sync (#6705)

* feat: add group mapping option for group sync * fixup! feat: add group mapping option for group sync
2025-07-03 16:13:58 +00:00 · 2023-03-21 14:25:45 -05:00
parent 120bc4b750
commit 00860cf1c8
12 changed files with 114 additions and 18 deletions
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@ -481,6 +481,10 @@ type OIDCConfig struct {
 	// groups. If the group field is the empty string, then no group updates
 	// will ever come from the OIDC provider.
 	GroupField string
+	// GroupMapping controls how groups returned by the OIDC provider get mapped
+	// to groups within Coder.
+	// map[oidcGroupName]coderGroupName
+	GroupMapping map[string]string
 	// SignInText is the text to display on the OIDC login button
 	SignInText string
 	// IconURL points to the URL of an icon to display on the OIDC login button
@ -651,6 +655,11 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 						})
 						return
 					}
+
+					if mappedGroup, ok := api.OIDCConfig.GroupMapping[group]; ok {
+						group = mappedGroup
+					}
+
 					groups = append(groups, group)
 				}
 			} else {