You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1. Enable both "Create Users" and "Deactivate Users", then "Save" your changes.
62
+
61
63
62
64
As a result of these changes, users who are assigned will be sent an invitation email. When a user is un-assigned, their membership object in Sentry will be deleted.
63
65
64
66
You can use "Push Groups" to sync and assign groups in Okta; they will be reflected in Sentry teams.
65
67
66
-
### Known Issues / Troubleshooting
68
+
### Configuring organization-level roles (Beta)
69
+
70
+
<Alertlevel="warning">
71
+
72
+
Organization role provisioning is in beta. If you'd like to try this feature, contact [email protected].
73
+
74
+
</Alert>
75
+
76
+
Here's how to assign an organization-level role to an Okta group:
77
+
78
+
1. Add a new custom attribute to your Okta application profile.
79
+
80
+
a. Navigate to your application settings in Okta
81
+
82
+
b. Under the "Provisioning" tab, select "Go to Profile Editor"
83
+
84
+
85
+
c. Select "+ Add Attribute"
86
+
87
+
88
+
d. Fill out the form with the following settings (you can set whatever value you want for any setting not listed below):
3. In the form, enter the string for the org-level role
103
+
104
+
105
+
- If the `sentryOrgField` field is left blank, Group members will be provisioned with the default organization-level role. This default role is configured in Sentry, under Settings -> Organization -> Auth. Otherwise, the role must be one of the following:
106
+
- Admin
107
+
- Manager
108
+
- Billing
109
+
- Member
110
+
- Invalid role names will prevent group members from being provisioned. To try again, you'll need to remove the group first.
111
+
- For security, The "Owner" role cannot be provisioned through SCIM.
112
+
- For self-hosted users with custom roles, this extends to any role with the `org:admin` permission
113
+
114
+
<Alertlevel="note">
115
+
116
+
If a user is a member of multiple Okta groups, only the attributes set by the first group will be used.
117
+
118
+
</Alert>
119
+
120
+
### Troubleshooting
121
+
122
+
#### I get an error in Okta when provisioning a user saying "Matching user not found"
123
+
124
+
Make sure that `Create User` and `Deactivate User` are enabled in the "Provisioning" tab of your Sentry application in Okta
125
+
126
+
#### I pushed a group to Sentry but the team is empty. (Or) I assigned Sentry to a group but no team was created?
127
+
128
+
In Okta, there's a difference between pushing and assigning.
129
+
130
+
Assigning Sentry to a group is the same as assigning Sentry to every member of that group. Functionally, this
131
+
provisions every group member within Sentry.
132
+
133
+
Pushing a group, on the other hand, only tells Sentry to create a new team with the same name as the Okta group. Group
134
+
members will be added to the Sentry team only if the user is already provisioned.
135
+
136
+
In order to sync a group in Okta as a team in Sentry:
137
+
1. Assign Sentry to the Group and allow the users to be provisioned
138
+
2. Push the Group to Sentry
139
+
140
+
### Known Issues
67
141
68
-
- Sentry does not currently support setting any User attributes other than `userName` and `active`.
69
142
- The Import Users feature is not currently supported. Sentry's SCIM API does not at this time support the User `name` attribute fields `firstName` and `lastName`. Instead, we return these with values of `N/A` for compatibility purposes.
70
143
- Setting `active` to `false` on a User will delete the organization member record associated with the user.
71
144
- The only filter operation supported for resources is `eq`.
0 commit comments