Hi Folks! Curious what the community prefers when considering User Access Management with SCIM Groups vs local Pulumi Teams.
I see 2 possible avenues whilst utilizing SCIM Groups being pushed to Pulumi Cloud in both scenarios below, when considering a strategy to manage Teams and their memberships, and, by virtue, Stack permissions.
This comes from the fact that Pulumi Cloud allows the use of both SCIM Groups and local Pulumi Teams.
Has your organization used…
1 SCIM Group for all user access management to your Pulumi Cloud Organization with local Pulumi Teams that can self manage members, i.e. with a Team admin?
Stayed true to full IdP SCIM Group membership management, and used SCIM Groups per each Team, managed by IdP managed Groups?
I see some drawbacks for both (in terms of administration and end user experience) but more benefits with one of these options. Obviously this can be dictated by company policy, but curious what others have implemented and have found out with their experiences.
To be clear, both scenarios would still use SAML gating user access to the Pulumi Org.
Anyone have thoughts on this?
02/05/2024, 10:41 PM
We use IdP (Azure) and SCIM for most of our apps but haven't explored in the context of Pulumi team mgmt. Having gone through the experience of SCIM, I would prefer to manage IdP groups.