To identify the SSO groups that are allowed in Tonic Structural, in the Structural web server container, set the value of the TONIC_SSO_GROUP_FILTER_REGEX
environment setting to a regular expression that identifies the allowed groups.
If you do not configure this setting, then Structural does not synchronize or load any groups from your SSO provider.
For example, to allow all groups that contain the word "Structural", set TONIC_SSO_GROUP_FILTER_REGEX
to .*Structural.*
.
To allow all SSO groups, set TONIC_SSO_GROUP_FILTER_REGEX
to .*
.
When the value of TONIC_SSO_GROUP_FILTER_REGEX
changes, Structural does not automatically remove groups that were previously imported into Structural. Groups that no longer match the filter might continue to display in Structural.
For example, you might initially configure TONIC_SSO_GROUP_FILTER_REGEX
with a permissive value and then edit it to use a more restrictive filter.
To remove the groups that no longer match the filter:
Display the list of SSO groups. If there are non-matching groups, then the Clean Up Groups button is enabled.
To remove the non-matching groups:
Click Clean Up Groups.
On the Clean Up Groups dialog, review the list of groups to remove.
To confirm the removal, click Remove Groups.
When a group is removed, it is also removed from any workspaces that it was granted access to.