"Challenge with OIDC setup and group memberships synchronization issues with Okta integration"

Original Slack Thread

Hi,
Having some trouble with my OIDC setup. We sync users and groups with the Okta integration and when users log in they are assigned the correct user account, but it destroys all of their group memberships. When the integration runs again they re-populate, only to be destroyed upon next login. Any idea what could be wrong about my setup?
Attached relevant Okta env vars in the frontend.

I’d be fine getting rid of the Okta integration altogether, but group extraction on login doesn’t work either. I can’t find any relevant logs in the frontend that point to any errors there. This blocks me from setting up RBAC.

Still running into issues with groups being overwritten when users log in with OIDC. It happens regardless of what AUTH_OIDC_EXTRACT_GROUPS_ENABLED is set to.

Kind of solved this. For the next person: You CAN use the Okta sync to avoid messing with creating a group claim on the SSO side. HOWEVER, I was mistaken and you do need to set AUTH_OIDC_EXTRACT_GROUPS_ENABLED to false. When that is set properly you won’t clear group memberships on login.
I tried to modify it on my deployment, and it never applied to my pods. oops :shrug: