Group Provisioning

This feature is available on our Premium and Enterprise Plans.

Group provisioning allows you to sync the user groups from your authentication provider with your Slite user groups. This will automatically maintain the integrity of your Slite permissions while saving time whenever users are added or removed.

Like with   user provisioning  , Slite supports JIT (Just-In-Time) group provisioning.

Providers like Okta, OneLogin and AzureAD are fully supported, but any provider supporting the groups scope should be compatible with this feature.

Capabilities

  • Your Slite user groups will be synced with the selected OAuth user groups.
  • When users are added or removed from your OAuth groups, the same will automatically happen with your Slite groups.

How to set it up?

Create the groups claim filter to pass your user groups to Slite, via a section called something like "Token configuration", "OpenID Connect ID Connect", etc in your settings for the Slite app, within your SSO Provider account.

Example in AzureAD:


Example in Okta:


Verifying OAuth (OpenId) provider compatibility

If your OAuth provider supports the groups scope that you've set up with them in the previous section, and is configured to send groups to Slite application, you should be able to see your current OAuth user group. To do so, click your team avatar in the upper left, then click "My settings". In "My settings" in your "Personal settings" then Open Debug panel.

https://slite.com/api/files/NKD3n_h8COVgcF/Peek+08-10-2021+14-45.gif?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiNTZNdVIzM0xFTjZINEoiLCJpYXQiOjE3MjkyNDA5MDEsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTlpiQll6N1JRZ0dmUjkiLCJleHAiOjE3MzE4MzI5MDF9.h7rXa9XPCKcMecmj2mjB3YdZzxPAUZ1zYlwcRY2Z_80

Activation and association of groups

Group provisioning is setup under   the user groups   you have created in Slite.
    .1Head to the user group page, select the Slite group you want to automatically provision, and click "Enable synchronization".
    .2A new text box will appear, allowing you to indicate the names of the OAuth groups you wish to sync with the selected Slite group.
    .3Copy the names of the groups from your OAuth provider and paste them in the text box, separated with a comma (e.g, usa-sales,europe-sales).
Red Exclamation Mark Once the sync occurs, any Slite users who aren't members of the OAuth group will be removed from the Slite group. Users who are members of the OAuth group but not the Slite group will be added to it.

https://slite.com/api/files/U18L1azl9jywEe/Peek+07-10-2021+15-26.gif?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiNTZNdVIzM0xFTjZINEoiLCJpYXQiOjE3MjkyNDA5MDEsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTlpiQll6N1JRZ0dmUjkiLCJleHAiOjE3MzE4MzI5MDF9.h7rXa9XPCKcMecmj2mjB3YdZzxPAUZ1zYlwcRY2Z_80

When are groups synchronized?

The groups are synchronized when one of the following actions occurs:
  • The user signs-in.
  • The user's token refreshes (every hour by default).
  • The user clicks on refresh in their "Personal settings" then Profile.

https://slite.com/api/files/S_81a3Yp5GFHG-/Peek+08-10-2021+14-47.gif?apiToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IjIwMjMtMDUtMDQifQ.eyJzY29wZSI6Im5vdGUtZXhwb3J0IiwibmlkIjoiNTZNdVIzM0xFTjZINEoiLCJpYXQiOjE3MjkyNDA5MDEsImlzcyI6Imh0dHBzOi8vc2xpdGUuY29tIiwianRpIjoiTlpiQll6N1JRZ0dmUjkiLCJleHAiOjE3MzE4MzI5MDF9.h7rXa9XPCKcMecmj2mjB3YdZzxPAUZ1zYlwcRY2Z_80
Reach out to  support@slite.com  or use the in-app chat if you have any questions!