Working with externally managed groups
Externally managed groups are configured in the PhariaAI Helm chart and managed by the external identity provider. They cannot be edited in PhariaOS and their membership lists are not available in PhariaAI; however, external groups can be assigned to PhariaAI resources, such as applications and collections.
Creating externally managed groups
To add externally managed groups in your Helm chart, enter the following values:
pharia-iam:
# ...
externallyManagedGroups: ["group1", "group2"]
# ...Understanding externally managed groups
When you define externallyManagedGroups in the PhariaAI Helm chart, the listed user groups are created in PhariaIAM as external groups. This means the following:
-
Membership is externally managed: Group membership is handled by your external identity provider, not by PhariaIAM itself.
-
No editing in PhariaOS: You cannot manage or list the members of externally managed groups in PhariaAI. Their names also cannot be changed in PhariaOS.
-
Source of truth: The list provided in the Helm chart is the source of truth.
-
To add an external group, simply add its name to the list.
-
To remove an external group, remove its name from the list.
-
Renaming groups is not supported: Externally managed group names cannot be changed. If you rename a group, PhariaIAM deletes the old group and creates a new one with the new name.