Chore: add setting to skip org assignment for external users (#34834)

* Chore: add setting to skip org assignment for external users Introduce 'skip_org_role_update_sync' setting to skip any kind of org assignment during the login of external users. As a consequence manual organization assignments won't be overridden during the upsert of an external user. Part of #22605 * Chore: Rename skip_org_role_update_sync to oauth_skip_org_role_update_sync and relocate it to auth section * Chore: replace global setting access where possible
2025-08-06 03:09:26 +08:00 · 2022-02-21 17:34:47 +01:00
parent 10b3847d57
commit 6beba5a049
5 changed files with 28 additions and 13 deletions
--- a/docs/sources/administration/configuration.md
+++ b/docs/sources/administration/configuration.md
@ -766,6 +766,12 @@ This setting is ignored if multiple OAuth providers are configured. Default is `
 How many seconds the OAuth state cookie lives before being deleted. Default is `600` (seconds)
 Administrators can increase this if they experience OAuth login state mismatch errors.

+### oauth_skip_org_role_update_sync
+
+Skip forced assignment of OrgID `1` or `auto_assign_org_id` for external logins. Default is `false`.
+Use this setting to distribute users with external login to multiple organizations.
+Otherwise, the users' organization would get reset on every new login, for example, via AzureAD.
+
 ### api_key_max_seconds_to_live

 Limit of API key seconds to live before expiration. Default is -1 (unlimited).