Automatic User mapping#

Argus can be set up to automatically map new users based on the claims in the ID-token from the ID-provider.
This way, users can be managed by the ID provider, and role-based permissions may be managed only on the group level.

Requirements#

  • The provider is set up with mapping for the "name, email and groups claims

  • The groups claim must resolve to a claim with an array of group names, which the user is member of. These are referred to as “external group names”.

  • External group which corresponds to groups defined in Argus must be mapped explicitly using the external group name, as they appear in the “groups” claim.

  • A new user will only be mapped if he/she is member of at least one mapped group

Mapping groups#

curl -XPOST -H"Argus-API-Key: my/api/key" https://api.mnemonic.no/authentication/v1/openid/provider/myprovider/groupmappings -d 
{
  "argusGroup": "customer-soc-group",
  "externalGroupName": "SOC-Users"
}