Dear OpenProject Community,

We are currently evaluating a specific authentication use case and would appreciate confirmation on whether this configuration is supported.

Our Goal:

• Authentication: Handle all user logins via a SAML provider.

• Authorization/Groups: Fetch user group memberships from an LDAP server.

Current Progress:

• SAML: Successfully configured; users can log in without issues.

• LDAP: The connection is established, and OpenProject successfully "sees" the groups from our LDAP server.

Despite the connection working, the LDAP groups remain empty in OpenProject. It appears the system isn't successfully mapping the SAML-authenticated users to their respective LDAP groups.

Is this "hybrid" setup (SAML Auth + LDAP Group Sync) currently supported in OpenProject? If so, are there specific mapping attributes required to link the SAML user identity to the LDAP entry?

Thank you in advance for your help!

Best regards,
--
Issa