To identify the SSO groups that are allowed in Tonic, in the Tonic web server container, set the value of the TONIC_SSO_GROUP_FILTER_REGEXenvironment setting to a regular expression that identifies the allowed groups.
If you do not configure this setting, then Tonic does not synchronize or load any groups from your SSO provider.
For example, to allow all groups that contain the word "Tonic", set TONIC_SSO_GROUP_FILTER_REGEX to .*Tonic.*.
To allow all SSO groups, set TONIC_SSO_GROUP_FILTER_REGEX to .*.
Cleaning up non-matching groups
When the value of TONIC_SSO_GROUP_FILTER_REGEX changes, Tonic does not automatically remove groups that were previously imported into Tonic. Groups that no longer match the filter might continue to display in Tonic.
For example, you might initially configure TONIC_SSO_GROUP_FILTER_REGEX with a permissive value and then edit it to use a more restrictive filter.
To remove the groups that no longer match the filter: