Users and groups play an important role in Soma’s security & application model. Users provide the following functionality:
- Ability to invoke agents & workflows
- Ability to access the Soma admin UI
A user’s functionality is ultimately determined by the role (not group) assigned to them.
Groups provide the following functionality:
Group approval workflows
Group approval workflows are still being built and will be available in a future release.
```javascript
const {
  waitForApproval,
  approvalConfirmationUrl,
  approvalRejectionUrl,
} = await ctx.group.requestApproval("group-id");
```

```python
waitForApproval, approvalConfirmationUrl, approvalRejectionUrl = ctx.soma.group.request_approval("group-id")
```
Synchronizing users, groups & roles
The manual way
You can manually synchronize users, groups & roles into Soma.
First, create an admin API key:
```shell
soma api-key add --role admin example-id
```
Then, you can use the following API endpoints to synchronize users, groups & roles:
- GET / PUT / POST / DELETE /api/identity/v1/users - manage users
- GET / PUT / POST / DELETE /api/identity/v1/groups - manage groups
- POST / DELETE /api/identity/v1/groups/{id}/members - manage group members
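The following added example, which is not Soma's own code, plans a one-way sync over the endpoints listed above: it revokes memberships and deletes stale accounts before granting anything, refuses to proceed when the source export would delete most of the directory, and lists users who would newly receive the admin role. The record fields (`id`, `role`, `user`), the role name `member` and the POST-creates / PUT-updates split are assumptions, since this page does not document request bodies.

```python
# Added example, not Soma code. Paths are the ones listed above; the record
# fields (id, role, user), the role name "member" and the POST=create /
# PUT=update split are assumptions, and all sample data is constructed.
BASE = "/api/identity/v1"

def plan_sync(desired, current, max_delete_ratio=0.5):
    """Return ordered (method, path, record) operations: revocations first."""
    unjoin, deletes, upserts, join = [], [], [], []
    for kind in ("users", "groups"):
        want = {r["id"]: r for r in desired[kind]}
        have = {r["id"]: r for r in current[kind]}
        gone = sorted(have.keys() - want.keys())
        # Guard: an empty or truncated export must not wipe the directory.
        if have and len(gone) / len(have) > max_delete_ratio:
            raise ValueError(f"refusing to delete {len(gone)} of {len(have)} {kind}")
        deletes += [("DELETE", f"{BASE}/{kind}", have[i]) for i in gone]
        for i in sorted(want):
            if i not in have:
                upserts.append(("POST", f"{BASE}/{kind}", want[i]))
            elif want[i] != have[i]:
                upserts.append(("PUT", f"{BASE}/{kind}", want[i]))
    for gid in sorted(desired["members"].keys() | current["members"].keys()):
        want_m = set(desired["members"].get(gid, ()))
        have_m = set(current["members"].get(gid, ()))
        path = f"{BASE}/groups/{gid}/members"
        unjoin += [("DELETE", path, {"user": u}) for u in sorted(have_m - want_m)]
        join += [("POST", path, {"user": u}) for u in sorted(want_m - have_m)]
    return unjoin + deletes + upserts + join

def admin_grants(plan, current):
    """User ids this plan newly gives the admin role; review before applying."""
    was_admin = {u["id"] for u in current["users"] if u.get("role") == "admin"}
    return [rec["id"] for method, path, rec in plan
            if method in ("POST", "PUT") and path == f"{BASE}/users"
            and rec.get("role") == "admin" and rec["id"] not in was_admin]

# Constructed sample state: what Soma holds now vs. the source of truth.
CURRENT = {"users": [{"id": "alice", "role": "admin"}, {"id": "bob", "role": "member"},
                     {"id": "carol", "role": "member"}],
           "groups": [{"id": "approvers"}], "members": {"approvers": ["alice", "bob"]}}
DESIRED = {"users": [{"id": "alice", "role": "admin"}, {"id": "carol", "role": "admin"},
                     {"id": "dave", "role": "member"}],
           "groups": [{"id": "approvers"}], "members": {"approvers": ["alice", "carol"]}}

if __name__ == "__main__":
    plan = plan_sync(DESIRED, CURRENT)
    for op in plan:
        print(op)
    print("new admins:", admin_grants(plan, CURRENT))
```

The plan is only data: sending each operation with the admin API key, and the exact request format, are left to the caller.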
SCIM is a standard for provisioning users, groups & roles. You can configure a SCIM endpoint to synchronize them into Soma.
For more information about SCIM, please read the following resource.
You can configure authentication checks for the SCIM endpoint using:
- API key (provision a Soma API key with an admin role)
SCIM is still a work in progress. More documentation about role mapping, other authentication methods and schemas will be available in a future release.
LDAP sync
LDAP sync is still being built and will be available in a future release.