Synchronize groups via Identity Provider
For an authentication method, in addition to user roles, user groups can now be synchronized.
Default groups can be defined, which are always assigned to external users logging in via the authentication method. Optionally, it is possible to activate the external group synchronization with certain rules. These rules can be used, for example, to check a user’s attribute in an Active Directory and then assign a Simplifier group.
Yes, e.g. oAuth. Important for the synchronization is that the attribute which should be used for the synchronization is given by the IDP. You can see which attributes are returned in the test tab of the authentication method.
No. With the execute permission you do not have the permission to test. Additionally you would need the view permission to see the connector/business object to get to the test dialog.
No, but you can have artifacts in multiple projects. That means you could have one project that contains all apps of a location, with only View permission. You could then create separate projects for the departments, where you assign higher permissions.
All users. This is needed, for example, to add users to a project.