Support intro
Sorry to hear you’re facing problems. 
The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.
If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.
Getting help
In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.
Before clicking submit: Please check if your query is already addressed via the following resources:
- Official documentation (searchable and regularly updated)
- How to topics and FAQs
- Forum search
(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).
Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. 
The Basics
- Nextcloud Server version (e.g., 29.x.x):
Nextcloud Hub 10 (31.0.0)
- Operating system and version (e.g., Ubuntu 24.04):
Ubuntu 22.04
- Web server and version (e.g, Apache 2.4.25):
not sure, irrelevant
- Reverse proxy and version _(e.g. nginx 1.27.2)
- `Traefik 3
- PHP version (e.g, 8.3):
8.3.17
- Is this the first time you’ve seen this error? (Yes / No):
Yes
- When did this problem seem to first start?
Always there I think
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
docker image: nextcloud
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
yes
Summary of the issue you are facing:
I am trying to use authentik as openid provider for nextcloud.
I have followed (with understanding) instructions from the authentik website and it works fine.
The problem is with group mapping, and specifically the admin group. I would like the groups to be automatically assigned so that I have one central user directory. Unfortunately, even though the group mappings do work, the admin group does not get assigned. Instead, a new group with the same name but different id is created and assigned. And of course this new “admin” group does not grant admin privileges.
Steps to replicate it (hint: details matter!):
- install “Openid Connect user backend” app
- Configure the app to use an openid provider with group mapping
- Configure the openid provider to send “admin” among user groups
- login via configured openid
- observe a new “admin” group created which is not the same as the built in admin group. (see the below)
Log entries
Nextcloud
No relevant log entries. See the below:
php occ group:list
- admin:
- admin
- d0cc9f73ae0ff3d8927dda597a2bbc02e5b3e4ee6cb4d42f01328e5af562a206:
- <my_user_name>
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"overwriteprotocol": "https",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"upgrade.disable-web": true,
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "31.0.0.18",
"overwrite.cli.url": "https:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"overwritehost": ***REMOVED SENSITIVE VALUE***,
"twofactor_enforced": "true",
"twofactor_enforced_groups": [],
"twofactor_enforced_excluded_groups": [],
"allow_local_remote_servers": {
"true": ""
},
"auth.webauthn.enabled": {
"false": ""
},
"maintenance": false
}
}
Apps
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- circles: 31.0.0-dev.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- nextcloud_announcements: 3.0.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- spreed: 21.0.1
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- twofactor_totp: 13.0.0-dev.0
- updatenotification: 1.21.0
- user_oidc: 7.0.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0