Group synchronization
You can manage access to resources in Buddy directly in your SSO provider by enabling users and group synchronization in the workspace settings.
OneLogin configuration
- The first step is configuring the OneLogin integration with Buddy.
- With the integration added, sign in to your OneLogin portal and assign users to groups that you want to reproduce in Buddy.
- Once everything is configured on the provider's side, go to the SSO settings in Buddy and click
Enable users & groups synchronization
. Ticking the box expands additional settings:
Image loading...
- Integration – the integration used to authenticate Buddy in OneLogin
- Application – the application used to configure SSO in Buddy
- Provider group to receive admin rights in Buddy – the name of the group in the SSO provider whose members will receive admin rights in the workspace. Removes admin rights from all users who do not belong to the selected group on the provider's side (with the exception of the workspace owner)
- Remove unmatched groups (optional) – removes all groups not matched with the group in the SSO provider. Removing a group in the provider will also remove it in Buddy. This option does not remove users from the workspace. Users who do not belong to any group are disconnected from the SSO provider and can be removed manually.
- Click Save changes to apply the settings and synchronize users.
Microsoft Entra group synchronization
- The first step is configuring the Azure integration with Buddy.
- With the integration added, sign in to your Azure portal and assign users to groups that you want to reproduce in Buddy.
- Once everything is configured on the provider's side, go to the SSO settings in Buddy and click
Enable groups synchronization
. Ticking the box expands additional settings:
Image loading...
- Integration – the integration used to authenticate Buddy in Azure
- Application – the application used to configure SSO in Buddy
- Unique User Identifier (Name ID) – the attribute used to identify users. Available options:
user.userprincipalname
(default) – uses the user's User Principal Nameuser.mail
– uses the user's email addressuser.objectid
– uses the user's Object ID
- Provider group to receive admin rights in Buddy – the name of the group in the SSO provider whose members will receive admin rights in the workspace. Removes admin rights from all users who do not belong to the selected group on the provider's side (with the exception of the workspace owner)
- Remove unmatched groups (optional) – removes all groups not matched with the group in the SSO provider. Removing a group in the provider will also remove it in Buddy. This option does not remove users from the workspace. Users who do not belong to any group are disconnected from the SSO provider and can be removed manually.
- Click Save changes to apply the settings and synchronize users.
For Microsoft Entra group synchronization to work properly, you need to configure API permissions in Azure.
Go to Azure → Microsoft Entra ID → App registrations → select your application → Manage → API permissions and add the following Microsoft Graph scopes of Application permissions type:
Application.Read.All
Directory.Read.All
Image loading...
These permissions are required for Buddy to access and synchronize groups from your Microsoft Entra directory.
Automatic & manual synchronization
By default, synchronizaton is run:
- automatically every 10 minutes
- every time a new user registers to the workspace with SSO
- on every change to SSO settings
You can also synchronize manually by clicking the Sync now
link in the settings for immediate effect:
Image loading...
Last modified on Aug 21, 2025