Currently in https://pantheon.corp.redhat.com/pantheon/preview/latest/4f130c75-5b58-4696-ae62-0602374b5af1 we tell IT Ops to specify the groups in their identity provider that should have JupyterHub access. It is useful for them to know how to give all users of the OpenShift Dedicated instance instead of specific groups.

To do this, IT Ops would specify "system:authenticated" (instead of the name of the group) for admin_groups or allowed_groups in the rhods-groups-config configmap.

People need cluster-admin permissions for this right now, but will only need dedicated-admin permissions for this in the future.

The JupyterHub app needs to be rolled out again by the admin when they make changes to the deploymentconfig.