OIDC Group mapping without provisioning admin

avatar1024 · March 27, 2025, 8:13am

Hello,

I am using the OpenID Connect user backend. Users and groups are mapped fine, except when it comes to the admin group which does not get provisioned, and if I try to add users manually to the group, they get kicked out.

One solution I found is to manually whitelist groups so the mapping only happens for those groups, leaving the admin group outside of the mapping which means it works normally and I can once again manually add users to it.

Now the problem is that what I would really want is to whitelist all groups except admin, and this I haven’t been able to do. I have used the following regex (and a few others) in the whitelist section but it doesn’t work. Any clues on how I could make it work?

wwe · March 27, 2025, 3:51pm

I think this one should work:

^(?!admin$).+$

I added line start and line end anchors and changed the class after the match - you class would not match spaces and capital character - might be right depending on your setup. use tools like https://regex101.com/ to test your regex against all possible inputs

avatar1024 · March 27, 2025, 4:06pm

Thank you! That indeed works very well

system · April 4, 2025, 4:06pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.