Skip to main content

Mapping Groups to Teams

Apidog does not support creating or deleting groups using SCIM. However, mapping an identity provider (IdP)'s group to a team within your Apidog organization via SAML is supported.

Modify Claim of SSO

To support group mapping via SAML, you should add a group claim of SSO:

  • Open your Microsoft Entra ID management portal in a browser.

  • Go to Enterprise applications and open your enterprise application.

  • On the application's Overview page, click Set up single sign on, and edit Attributes & Claims.

Setting up single sign on

  • Click Add a group claim, select All groups, check Customize the name of the group claim, and set "Name" to "groups".

Customize the name of the group claim

After this setting, when a user signs in with SSO, Apidog can obtain the unique identifier (object id) of the group to which the user belongs. In addition, Apidog will NOT obtain any information about any groups in Azure.

Configure Mapping

Next, we can configure the mapping between group and team:

  • Open the Groups page of Microsoft EntraID, you can find that each group has a Name and Object Id.

Open Microsoft EntraID

  • Open the SAML Group page in the organization settings of Apidog, then you can paste the name and id of the Azure group.

  • Set the permissions of members of this Azure group on each Apidog team.

Setting permissions on Apidog

When a user signs in with SSO, the corresponding team access permissions will be granted according to the configuration.