Add note about using groups with transient-users
Document an additional approach for managing user-roles for transient-users via groups. Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
This commit is contained in:
Thomas Darimont
Hynek Mlnařík
parent
860f3b7320
commit
eb2936f655
1 changed files with 6 additions and 1 deletions
|
|
@ -38,6 +38,11 @@ When using transient users, you should be aware of the following:
|
|||
which is added to regular users automatically, but has to be assigned
|
||||
to transient users also through a mapper (e.g. the `Hardcoded Role` mapper type).
|
||||
|
||||
An alternative to the Hardcoded Role mapper approach is to use groups which allows for more flexible role mappings.
|
||||
To do so, create a group like `transient-users` and assign the `default-roles-{realm}` realm role to it.
|
||||
Then add a Hardcoded Group mapper to the identity-provider and select the `transient-users` group.
|
||||
This will ensure that all roles associated with the `transient-users` group are automatically assigned to the brokered users.
|
||||
|
||||
- Since every transient user is created afresh, mappers always
|
||||
work in the `Import` sync mode.
|
||||
|
||||
|
|
@ -55,4 +60,4 @@ When using transient users, you should be aware of the following:
|
|||
- Technically, transient user data is stored as part
|
||||
of the user session. It thus increases the session size.
|
||||
|
||||
</@tmpl.guide>
|
||||
</@tmpl.guide>
|
||||
|
|
|
|||
Loading…
Reference in a new issue