Synchronizing SSO groups with Tonic Structural

Identifying the allowed groups

To identify the SSO groups that are allowed in Tonic Structural, in the Structural web server container, set the value of the TONIC_SSO_GROUP_FILTER_REGEX environment setting to a regular expression that identifies the allowed groups.

If you do not configure this setting, then Structural does not synchronize or load any groups from your SSO provider.

For example, to allow all groups that contain the word "Structural", set TONIC_SSO_GROUP_FILTER_REGEX to .*Structural.*.

To allow all SSO groups, set TONIC_SSO_GROUP_FILTER_REGEX to .*.

Cleaning up non-matching groups

When the value of TONIC_SSO_GROUP_FILTER_REGEX changes, Structural does not automatically remove groups that were previously imported into Structural. Groups that no longer match the filter might continue to display in Structural.

For example, you might initially configure TONIC_SSO_GROUP_FILTER_REGEX with a permissive value and then edit it to use a more restrictive filter.

To remove the groups that no longer match the filter:

Display the list of SSO groups. If there are non-matching groups, then the Clean Up Groups button is enabled.
To remove the non-matching groups:
1. Click Clean Up Groups.
2. On the Clean Up Groups dialog, review the list of groups to remove.
3. To confirm the removal, click Remove Groups.

When a group is removed, it is also removed from any workspaces that it was granted access to.

Last updated 6 months ago