When you sync users and teams with Google SAML, every user and group in the Google directory is synced to Codefresh, not only those assigned to the SAML app: the Google API currently cannot report which groups are assigned to a SAML app, so the sync cannot be scoped to them.
Solution:
The Codefresh SAML configuration screen has optional fields you can fill in to get team synchronization through the Codefresh CLI, driven by a custom user attribute instead of group membership.
- Create a service account with domain-wide delegation; you will need its JSON key file and the email of the admin it impersonates (the "JSON Keyfile" and "Admin Email" fields).
- Using the Google Directory API (schemas.insert), create the following custom schema for user accounts:
  {
    "schemaName": "SSO",
    "displayName": "SSO",
    "fields": [
      {
        "fieldType": "STRING",
        "fieldName": "UserRole",
        "displayName": "UserRole",
        "multiValued": true,
        "readAccessType": "ADMINS_AND_SELF"
      }
    ]
  }
- Navigate to Apps > SAML apps in the GSuite Admin panel.
- In Attribute Mapping, add a Role attribute mapped to the UserRole field of the SSO schema you created.
- Assign UserRole values to each user in the User information screen in GSuite. The field is multi-valued, so a user can be given several roles.
- In the Codefresh SAML configuration, set Sync Field to the custom schema name (SSO).
When teams are synced, only users with the SSO field populated are included, and each UserRole value is used as the name of the team the user is added to.
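The procedure above, as an added example that is not part of the original article or of Codefresh's tooling: Python helpers that build the Directory API bodies for schemas.insert and users.patch, derive the team membership that results from the UserRole values, and list users with the custom field included. The two functions that touch the API assume a Directory service object built with google-api-python-client from a service account using domain-wide delegation to impersonate the admin email (scopes admin.directory.userschema and admin.directory.user); the sample user records are constructed, not real data.

```python
"""Helpers for the Google SAML team-sync workaround (added example, not Codefresh code)."""

SCHEMA_NAME = "SSO"
FIELD_NAME = "UserRole"

# Custom schema from the article, usable as the body of Directory API schemas.insert.
SSO_SCHEMA = {
    "schemaName": SCHEMA_NAME,
    "displayName": SCHEMA_NAME,
    "fields": [
        {
            "fieldType": "STRING",
            "fieldName": FIELD_NAME,
            "displayName": FIELD_NAME,
            "multiValued": True,
            "readAccessType": "ADMINS_AND_SELF",
        }
    ],
}


def user_role_patch(roles):
    """Body for Directory API users.patch that sets SSO.UserRole.
    Multi-valued custom fields are sent as a list of {"value": ...} objects."""
    roles = sorted(set(roles))
    return {"customSchemas": {SCHEMA_NAME: {FIELD_NAME: [{"value": r} for r in roles]}}}


def teams_from_users(users):
    """Group Directory user resources into teams, one team per UserRole value.
    Returns (teams, skipped): teams maps team name -> sorted member emails;
    skipped lists users with no SSO.UserRole, which the sync leaves out."""
    teams = {}
    skipped = []
    for user in users:
        values = user.get("customSchemas", {}).get(SCHEMA_NAME, {}).get(FIELD_NAME) or []
        # Multi-valued fields come back as [{"value": ...}]; tolerate plain strings too.
        names = [v["value"] if isinstance(v, dict) else v for v in values]
        names = [n.strip() for n in names if n and n.strip()]
        if not names:
            skipped.append(user["primaryEmail"])
            continue
        for name in names:
            teams.setdefault(name, set()).add(user["primaryEmail"])
    return {t: sorted(m) for t, m in teams.items()}, sorted(skipped)


def apply_roles(directory, email, roles):
    """Assign roles to one user through an Admin SDK Directory service object
    (assumed: build('admin', 'directory_v1', credentials=delegated_creds)).
    Not exercised offline."""
    return directory.users().patch(userKey=email, body=user_role_patch(roles)).execute()


def list_sso_users(directory, customer="my_customer"):
    """List users with the SSO schema included. Custom fields are not returned
    by default, so projection='custom' plus customFieldMask is required.
    Not exercised offline."""
    users, token = [], None
    while True:
        resp = directory.users().list(customer=customer, projection="custom",
                                      customFieldMask=SCHEMA_NAME, maxResults=500,
                                      pageToken=token).execute()
        users.extend(resp.get("users", []))
        token = resp.get("nextPageToken")
        if not token:
            return users


# Constructed sample records shaped like users.list results (not real data).
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com",
     "customSchemas": {"SSO": {"UserRole": [{"value": "devops"}, {"value": "security"}]}}},
    {"primaryEmail": "bob@example.com",
     "customSchemas": {"SSO": {"UserRole": [{"value": "devops"}]}}},
    {"primaryEmail": "carol@example.com"},  # no SSO field: not team-synced
]

if __name__ == "__main__":
    teams, skipped = teams_from_users(SAMPLE_USERS)
    print("teams:", teams)
    print("not synced:", skipped)
```

Run it as-is to see the membership the sample records produce; with a real Directory service object, `list_sso_users` shows exactly what the sync will see, which is a quick way to confirm the custom field is populated before running the Codefresh CLI. Note that a users.list call without the projection and field mask returns no custom schema data at all, which is the usual reason a freshly configured sync produces no teams.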