feat: add SCIM support for multi-organization (#14691)

* chore: use legacy "AssignDefault" option for legacy behavior in SCIM (#14696) * chore: reference legacy assign default option for legacy behavior AssignDefault is a boolean flag mainly for single org and legacy deployments. Use this flag to determine SCIM behavior. --------- Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
2025-07-15 22:20:27 +00:00 · 2024-09-16 19:17:38 -05:00
parent 71393743dc
commit ff1eabebe5
4 changed files with 79 additions and 9 deletions
--- a/coderd/idpsync/idpsync.go
+++ b/coderd/idpsync/idpsync.go
@ -24,6 +24,7 @@ import (
 // claims to the internal representation of a user in Coder.
 // TODO: Move group + role sync into this interface.
 type IDPSync interface {
+	AssignDefaultOrganization() bool
 	OrganizationSyncEnabled() bool
 	// ParseOrganizationClaims takes claims from an OIDC provider, and returns the
 	// organization sync params for assigning users into organizations.
--- a/coderd/idpsync/organization.go
+++ b/coderd/idpsync/organization.go
@ -32,6 +32,10 @@ func (AGPLIDPSync) OrganizationSyncEnabled() bool {
 	return false
 }

+func (s AGPLIDPSync) AssignDefaultOrganization() bool {
+	return s.OrganizationAssignDefault
+}
+
 func (s AGPLIDPSync) ParseOrganizationClaims(_ context.Context, _ jwt.MapClaims) (OrganizationParams, *HTTPError) {
 	// For AGPL we only sync the default organization.
 	return OrganizationParams{