Skip to content

README.rst

Latest commit

 

History

History
124 lines (92 loc) · 4.37 KB

README.rst

File metadata and controls

124 lines (92 loc) · 4.37 KB

360 ERP - Auth User Role

Beta License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

This module provides a generic engine to map Identity Provider (IdP) attributes to Odoo user roles. It acts as an abstraction layer built on top of the base_user_role module.

By itself, this module does not handle authentication. Instead, it is designed to be triggered by specialized "glue" modules (e.g., SAML, OAuth, LDAP) during the login process. It evaluates incoming identity payloads against a set of configured global rules and dynamically provisions or revokes user roles.

Table of contents

Configuration

To configure role mappings:

  1. Navigate to Settings > Users & Companies > Identity Role Mappings.
  2. Create a new mapping rule.
  3. Define the Identity Attribute: Enter the exact payload attribute key provided by your IdP (e.g., department, groups, eduPersonAffiliation).
  4. Select the Operator:
    • equals: The payload value must exactly match the defined value.
    • contains: The payload value must contain the defined value (useful for comma-separated lists or longer strings).
  5. Define the Value you expect to receive from the IdP.
  6. Select the Role (from base_user_role) that should be assigned when the condition is met.

Usage

There is no direct user interaction required for this module. Once configured, the evaluation and assignment of roles happen automatically in the background whenever an integrated authentication provider triggers the evaluate_and_apply_auth_roles method during user sign-in.

All role grants, reactivations, and revocations are automatically logged in the Odoo server logs for security auditing.

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.

Credits

Authors

  • 360 ERP

Contributors

  • Andrea Stirpe

Other credits

The development of this module has been financially supported by:

  • 360 ERP

Maintainers

This module is maintained by the OCA.

Odoo Community Association

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

This module is part of the OCA/server-auth project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.