Links

Synchronizing SSO groups with Tonic

Identifying the allowed groups

To identify the SSO groups that are allowed in Tonic, in the Tonic web server container, set the value of the TONIC_SSO_GROUP_FILTER_REGEX environment setting to a regular expression that identifies the allowed groups.
If you do not configure this setting, then Tonic does not synchronize or load any groups from your SSO provider.
For example, to allow all groups that contain the word "Tonic", set TONIC_SSO_GROUP_FILTER_REGEX to .*Tonic.*.
To allow all SSO groups, set TONIC_SSO_GROUP_FILTER_REGEX to .*.

Cleaning up non-matching groups

When the value of TONIC_SSO_GROUP_FILTER_REGEX changes, Tonic does not automatically remove groups that were previously imported into Tonic. Groups that no longer match the filter might continue to display in Tonic.
For example, you might initially configure TONIC_SSO_GROUP_FILTER_REGEX with a permissive value and then edit it to use a more restrictive filter.
To remove the groups that no longer match the filter:
  1. 1.
    Display the list of SSO groups. If there are non-matching groups, then the Clean Up Groups button is enabled.
  2. 2.
    To remove the non-matching groups:
    1. 1.
      Click Clean Up Groups.
    2. 2.
      On the Clean Up Groups dialog, review the list of groups to remove.
    3. 3.
      To confirm the removal, click Remove Groups.
When a group is removed, it is also removed from any workspaces that it was granted access to.
Last modified 3mo ago