I understand the current SAML integration can map a user to buildkite teams by using a comma separated list of team UUIDs in a single
I would prefer that Buildkite could honor an array of group claims and simply match by name. The UUID based mapping adds a lot of additional management overhead.
Most SAML providers (we use Okta) can map the list of group names to any attribute. Usually named
groups. I would really like it if Buildkite could just map team membership by name (instead of UUID) from a list of strings.
The SAML assertion would look something like this:
<saml2:Attribute Name=“group” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>case-sensitive group name