From 2c7d2e41c014cc5a44909dee9087be44d4359eda Mon Sep 17 00:00:00 2001 From: Karen Sawrey Date: Mon, 14 Aug 2023 20:14:59 +0200 Subject: [PATCH] On accidental user role demotion/promotion with Okta SSO Doc update as a result of troubleshooting https://secure.helpscout.net/conversation/2328484756/55510 --- pages/integrations/sso/okta.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pages/integrations/sso/okta.md b/pages/integrations/sso/okta.md index 4c9d604240..09f52a6cd7 100644 --- a/pages/integrations/sso/okta.md +++ b/pages/integrations/sso/okta.md @@ -55,3 +55,6 @@ This can be done one of two ways: ## SAML user attributes <%= render_markdown partial: 'integrations/sso/saml_user_attributes' %> + +>🚧 Accidental user role demotion/promotion +> Note that if SSO via Okta is enabled and configured, Buildkite will receive the information about user roles from Okta and match it. So if you manually user change roles in Buildkite but not in Okta, then every time a user logs into Buildkite via Okta, the role type in Buildkite will be rewritten to match the information provided by Okta. This can cause unintended user role demotion or promotion.