User management API so you are able to use user provisioning for automatic user updates #2701
Comments
- Updated routes to use new format. - Changed how hidden fields are exposed to be more flexible to different use-cases. - Updated properties available on read/list results. - Started adding testing coverage. - Removed old unused UserRepo 'getAllUsers' function. Related to #2701, Progression of #2734
|
The work in #3238 has now been merged which adds a CRUD user actions to our REST API which allows many task to be automated. Therefore I will close this off. This issue hinted as SCIM but I didn't know if SCIM was the fundamental requirement of this request. The new API endpoints should allow some level of "SCIM adapter" to be created externally if desired. I wouldn't really want to implement SCIM directly into BookStack at this stage. I've reached the limit of authentication mechanisms I'm willing to support right now since they are difficult to fully understand and tricky to support for the user-base. I don't want to be spending any more of my own time:
Simply put, it's not fun work, and it provides no benefit to the vast majority of users while having a disproportionate negative affect on maintenance and my mental well-being. I'd be happy to reconsider if an enterprise account was willing to work with me while also willing to invest 💵 to make it worth my time. To pre-emptively answer the question "Would you be willing to accept a PR for SCIM"? No, as it does not solve the above. I would still have to understand the standards & requirements while having the responsibility of stability & maintenance. A PR would only really cover the most fun part, writing the code. |
|
Hi! When do you think the User management API will be available for production? |
|
Hi @Draidel, |
API Endpoint or Feature
API to access edit and maintain users to be able to use user provisioning and administer it locally from example Azure or other external services that can handle authentication to bookstack through user management API with provisioning.
I am almost certain that Azure is not the only service that provides this feature i could imagine something like Okta or other SSO providers also support this.
Use-Case
To be able to integrate bookstack even further with bookstack.
Currently you can bind groups from bookstack to groups in Azure and make them sync that way and remove users from groups.
But what happens when a user leaves and you delete them from Azure.
The user will still remain in Bookstack until you delete it manually and move the ownership.
(Maybe the content ownership should/could be moved to a default group instead)
Additional Context
I have found some more information on what it does and how user provisioning works for Azure since that is what i use with my bookstack instance
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works
The text was updated successfully, but these errors were encountered: