Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-35570

Provide options to have a user assinged to specific organization and location during first login via an external auth-source in a Multi-Org setup

XMLWordPrintable

    • False
    • sat-endeavour
    • None
    • None
    • None
    • None

      Overview

      In a Satellite setup using an external authentication provider, users are mapped to internal roles via group or identity mapping. However, current behavior creates challenges in multi-organization environments:

      • If no organization is selected under the external authentication source, users log in with no assigned org, requiring manual assignment.
      • If all organizations are selected, users can see all orgs in the dropdown — even if access is restricted — which poses visibility concerns.

      This enhancement would allow users to be automatically assigned to a specific organization on first login, based on external identity mapping, and prevent visibility of other organizations in the UI.

      Background and Strategic Fit

      This feature addresses a common need in multi-tenant Satellite environments, where different business units or external entities share a single Satellite instance. Ensuring users only see and access their own organization is crucial for security, compliance, and user experience.

      Currently, Satellite lacks a way to automate this while maintaining strict org-level visibility. Adding this functionality would improve scalability, security, and ease of administration — in line with Red Hat’s product vision.

      Goals

      • Automatically assign a user to a specific organization during first login based on external group/identity mapping.
      • Prevent users from seeing or selecting other organizations.
      • Eliminate manual post-login steps.
      • Improve experience in multi-org Satellite environments.

      Requirements

       

      Use Cases (User Experience & Workflow)

      Use Case – Automatic Org Assignment on Login

      1. Admin configures an external authentication source with group/identity mapping.
      1. A user logs into Satellite via the external provider for the first time.
      1. Satellite automatically:
        • Assigns the user to the mapped organization.
        • Ensures only that organization is visible in the dropdown.
        • Applies appropriate internal role mapping.

      Current Limitation:
      Users either get no org assigned (requiring manual setup) or see all orgs (which violates visibility restrictions).

      Expected Outcome:
      The user is seamlessly logged in with proper access and visibility — no manual changes needed.

       

              Unassigned Unassigned
              rhn-support-sshelke Shubham Shelke
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: