Available for Express and Enterprise Editions only.
Overview
When a user signs in through an identity provider, Prophecy checks their group memberships and uses naming conventions to:- Create teams in Prophecy
- Assign users to those teams
- Set the user’s roles
Standard naming conventions
By default, Prophecy supports the following group naming patterns.| Group Name Pattern | Role in Prophecy |
|---|---|
<teamname>-user | Member of the <teamname> team |
<teamname>-admin | Admin of the <teamname> team |
prophecy-admin | Prophecy cluster admin |
Custom naming conventions
If your organization uses more complex naming schemes (for instance, with prefixes or suffixes), Prophecy can still infer team names and assign roles appropriately. The following custom patterns are supported.| Group Name Pattern | Example | Role in Prophecy |
|---|---|---|
(<prefix>-)prophecy-cluster-admin(-<suffix>) | corp-prophecy-cluster-admin | Prophecy cluster admin |
<prefix>-<teamname>-admin | corp-finance-admin | Admin of the finance team |
<prefix>-<teamname>-user | corp-finance-user | Member of the finance team |
<prefix>-<teamname>-prophecy-team-admin(-<suffix>) | corp-sales-prophecy-team-admin-emea | Admin of the sales team |
<prefix>-<teamname>-prophecy-team(-<suffix>) | corp-sales-prophecy-team-emea | Member of the sales team |
<prefix> and <suffix> from group names to determine the team name. The prefix and suffix will not appear in the Prophecy UI.
Required configurations
To enable automatic team creation using custom naming schemes, you must configure the following environment variables for your deployment.Please reach out to us to set up these configurations.
For LDAP
To use automatic team creation, enable the following flag.For both SCIM and LDAP
To identify and remove prefixes from team names in Prophecy, add the prefix to thePROPHECY_IDP_TEAMNAME_STRIP_REGEX variable.
prefix- with your actual prefix (for example, corp-, info-, etc.). Prophecy will strip this from group names before creating or matching teams.