You cannot manually manage the users of a team once you have set an OIDC Group name for it. If you want to add or remove users of that team manually, you need to clear the OIDC Group name field first.

You can automatically add users to and remove users from teams during a user's login flow. The single source of truth in that case will be your IDP (Identity Provider).

  1. Make sure that your OIDC provider returns a group claim (you may need to change the scope for that in the OIDC configuration of the cockpit). For some IDPs, detailed guides are available in this howto.
    1. Allow Okta groups to be read by the piplanning app
  2. In the cockpit, navigate to Teams
  3. Select the team you want to map to an OIDC group
  4. Open the tab OpenID Connect Group
  5. Enter the group name of your IDP in the OIDC Group name field

    Group names are case-sensitive

  6. Specify the piplanning app role which will be assigned to any user of that Group during login

    Roles are global. If a user is in more than one group (e.g. groupA and groupB) and the groups are mapped to different roles (groupA => Member, groupB => Observer), the user gets the role with the highest privilege (=> Member).

  7. => As soon as someone logs in to the piplanning app, they will be added to this group.
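
The following is an added example, not piplanning app code: a small model of the login-time behaviour described above (case-sensitive group matching, IDP-driven add/remove, highest-privilege role). The team names, group names, the claim name `groups`, and the handling of a missing claim are assumptions made for illustration.

```python
# Illustrative model only; not the piplanning app's implementation.
# Team names, group names and the claim name "groups" are constructed.
ROLE_RANK = {"Observer": 1, "Member": 2}  # the page states Member outranks Observer

# Team -> (OIDC Group name, role assigned at login), as entered in the cockpit.
TEAM_MAPPINGS = {
    "Team Alpha": ("groupA", "Member"),
    "Team Beta": ("groupB", "Observer"),
    "Team Gamma": ("GroupC", "Observer"),
}


def groups_from_claims(claims, claim_name="groups"):
    """Return the group names in the token, tolerating a missing or scalar claim."""
    value = claims.get(claim_name)
    if value is None:
        return set()      # claim not returned by the IDP: no mapped team matches
    if isinstance(value, str):
        return {value}    # defensive: a single group sent as a plain string
    return {g for g in value if isinstance(g, str)}


def resolve_login(claims, current_teams, mappings=TEAM_MAPPINGS):
    """Compute team changes and the global role for one login (assumed model)."""
    groups = groups_from_claims(claims)
    # Exact, case-sensitive comparison: "groupc" does not match "GroupC".
    matched = {team for team, (group, _) in mappings.items() if group in groups}
    add = matched - set(current_teams)
    # Only teams with an OIDC Group name are IDP-managed; others are left alone.
    remove = (set(current_teams) & set(mappings)) - matched
    roles = [mappings[team][1] for team in matched]
    role = max(roles, key=ROLE_RANK.__getitem__) if roles else None
    return {"add": add, "remove": remove, "role": role}


if __name__ == "__main__":
    # Constructed ID token claims for a user who is in groupA and groupB.
    claims = {"sub": "user-1", "groups": ["groupA", "groupB", "groupc"]}
    print(resolve_login(claims, current_teams={"Team Gamma", "Manual Team"}))
```

Running a model like this against the group list your IDP actually returns is a quick way to spot case mismatches or a missing group claim before users are unexpectedly dropped from a team or given a broader role than intended.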