You can not manually manage the users of a team as soon as you have set a OIDC Group name. If you want to manually add / remove users of that team, you need to clear the OIDC Group name field first.
You can automatically add / remove users from / to teams during the login flow of a user. The single source of trough in that case will be your IDP (Identity Provider).
- Make sure that your OIDC provider returns a group claim (you may need to change the scope for that in the OIDC configuration of the cockpit). For some of the IDPs we do have detailed guides in place in this howto.
- In the cockpit, navigate to Teams
- Select the team you want to map to a OIDC-group
- Open the tab OpenID Connect Group
Enter the Group name of your IDP In the OIDC Group name field
Group names are case-sensitive
Specify the piplanning app role which will be assigned to any user of that Group during login
Roles are global. If a user is in more than one group (e.g. groupA and groupB) and the two groups have a different role mapped (groupA=>Member, groupB=>Observer) to them: The user will get the role with the highest privilege (=> Member)
- => As soon as someone logs in to the piplanning app, he will be added to this group