piplanning.io

IMPORTANT Once you have configured an OIDC Group Name for a piplanning.io Team you can only manage the Team via the Identity Provider (IdP). ​ To add or remove Users manually, clear the OIDC Group Name field first.

What OIDC Group to piplanning.io Team mapping does:

With OIDC Group Mapping the following functionality is provided with the User login and authentication process:

Users are automatically added or removed to the corresponding piplanning.io Team during the [Users] login process.

Your Identify Provider (IdP) becomes the single source of truth in this configuration.

- Users are automatically added or removed to the corresponding piplanning.io Team during the [Users] login process. 
- Your Identify Provider (IdP) becomes the single source of truth in this configuration.

Prerequisites for setting up OIDC Group Mappings

Ensure the IdP (providing the OIDC connection) returns a Group claim. Adjust the scope in the OIDC configuration in the RTE Cockpit &gt; SSO if necessary. Links to help articles to help with the set up for both Okta and Entra ID can be found below.

- Ensure the IdP (providing the OIDC connection) returns a Group claim. Adjust the scope in the OIDC configuration in the RTE Cockpit &gt; SSO if necessary. Links to help articles to help with the set up for both Okta and Entra ID can be found below.

For Okta: A detailed guide for allowing Okta Group to be read by piplanning.io is below. Ensure you complete the OIDC configuration to enable piplanning.io to read the Okta Groups. This <a href="https://help.piplanning.io/en/articles/109251-enable-okta-group-reading">Help Article to set up and enable Okta Groups to be read by piplanning.io</a> is a very useful guide.

- For Okta: A detailed guide for allowing Okta Group to be read by piplanning.io is below. Ensure you complete the OIDC configuration to enable piplanning.io to read the Okta Groups. This <a href="https://help.piplanning.io/en/articles/109251-enable-okta-group-reading">Help Article to set up and enable Okta Groups to be read by piplanning.io</a> is a very useful guide.

For Microsoft Entra ID: please refer to <a href="https://help.piplanning.io/en/articles/109245-microsoft-entra-id">this help article </a>.

- For Microsoft Entra ID: please refer to <a href="https://help.piplanning.io/en/articles/109245-microsoft-entra-id">this help article </a>.

Group mapping is currently supported for Okta and Microsoft's Entra ID.

___________________________________________________________

Allowing Groups to be read by piplanning.io

In the RTE Cockpit, navigate to Organization &gt; Teams

Edit the Team that you want to map to an OIDC Group

Open the OpenID Connect Group tab under the Add members section

Enter the Group Name: Type in the Group Name from the IdP (Okta or Entra ID) into the Group Name field. *Note: Group Names are case sensitive.

Assign a piplanning.io Role in the Group Role field.

1. Do this to specify the default [piplanning.io] Role that will be assigned to all Users, of that Okta Group / Team mapping, during login.

1. In the RTE Cockpit, navigate to Organization &gt; Teams
2. Edit the Team that you want to map to an OIDC Group
3. Open the OpenID Connect Group tab under the Add members section

4. Enter the Group Name: Type in the Group Name from the IdP (Okta or Entra ID) into the Group Name field. *Note: Group Names are case sensitive. 
5. Assign a piplanning.io Role in the Group Role field. 
 1. Do this to specify the default [piplanning.io] Role that will be assigned to all Users, of that Okta Group / Team mapping, during login.

OIDC Group Name and piplanning.io Role assigned with OIDC Group Mapping configuration at the piplanning.io Team level.

OIDC Group Names are case-sensitive

By following these steps, Users in the specific OIDC Groups will be automatically added to the respective Team, and assigned the respective Role upon login to piplanning.io.

piplanning.io Role Handling with OIDC Group Mappings

piplanning.io Roles are global across the platform. For instance, if a user is part of multiple teams with different roles—like Member for Team A and Observer for Team B—they will be assigned the highest privilege role available (in this case, Member).

Example of piplanning.io Teams and Role mapping to OIDC Groups

An in-depth example is provided to clarify how teams and role mapping operate when integrating with an IDP. Please click on the image to enlarge.

piplanning.io Team and IdP Group assignment using OIDC protocol with SSO

Map the Identity Provider Groups to piplanning.io Teams via the OIDC protocol (SSO). Enabling Users automatically be a Member of a piplanning.io Team/s based on their OIDC Groups.

Map IdP Groups to piplanning.io Teams

Create a custom design with text, images, and links

RTE Circle

Tutorials

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Map IdP Groups to piplanning.io Teams

What OIDC Group to piplanning.io Team mapping does:

Prerequisites for setting up OIDC Group Mappings

Mapping Okta Groups

Mapping Entra ID Groups

Allowing Groups to be read by piplanning.io

piplanning.io Role Handling with OIDC Group Mappings

Example of piplanning.io Teams and Role mapping to OIDC Groups