Filtering User and Group Imports
Common Fate supports User and Group import filters. This is configured in your
deployment.yml file via the
IdentityGroupFilter is a regex string that is used by Common Fate's IDP sync function.
+ IdentityGroupFilter: common_fate_administrators|dev_.*
In the above example Common Fate will filter any imported groups to match the regex pattern for
common_fate_administrators|dev_.*. Practically this means that only users in the
common_fate_administrators group or prefixed with
dev_ will be imported in to Common Fate.
Why use an IdentityGroupFilter?
Identity group filters are helpful for Organizations with a large number of users/groups who want to reduce.
How does this differ from access groups configured in SAML?
Even if you have limited who can access Common Fate in your SAML settings, Common Fate by default will import the full set of Users/Groups. By adding and
IdentityGroupFilter you can adhere the imported users/groups to the configuration in SAML.
What happens if I use an IdentityGroupFilter
Users are synced based on whether they are a part of the selection of groups that meet the filter criteria. Users not in a group will not be imported. Only groups that meet the criteria will be imported.
What happens if I don't use an IdentityGroupFilter
All users and groups are synced from your IDP (including users without a group).