Description
Migrate feature away from using the default organization.
At present `oidcGroups` returns a flat `[]string` of groups to assign to the user. This flat list is applied to the default organization.
Organization Membership
Group sync could, and might, be extended to membership sync, meaning we might want to use the "everyone" group to assign users into an org.
So the default config would look like (json structure subject to change):
```shell
# assign the oidc group to the 'everyone' group in the default org. So
# these users are placed into the "default" org as a member.
CODER_OIDC_GROUP_MAPPING='{"myOIDCGroupID": {"default":"everyone"}}'
```
This means if the user has no `myOIDCGroupID` group, they would be removed from the default org. Using groups to assign org membership would be great if we can handle all the edge cases and defaults.
- Should there be something like `CODER_OIDC_GROUP_ALWAYS='{"default":"everyone"}'` to make sure everyone is in the default org?
- Easy to make orgless users.
Some design principles to consider. Organizations are intended to be "self serve" from the perspective of an organization admin. It follows then that a site wide admin might control which users are placed into an org, but further group membership could be decided by the admins of said org.
This could potentially split the configuration into 2 places.
Deployment configuration to upgrade
Auto-create
The `CODER_OIDC_GROUP_AUTO_CREATE` setting poses a challenge in multi-org, as it is no longer obvious which organization the new group should be created in.
Static group mapping
The static mapping `CODER_OIDC_GROUP_MAPPING` needs to accommodate an organization context. This map JSON is currently `map[<OIDC_group_name>]<coder_group_name>`, so an example of the current configuration is:
```shell
# Flat assignment assuming default org. We need to inject an `<org_id>` into this
CODER_OIDC_GROUP_MAPPING='{"myOIDCGroupID": "myCoderGroupName"}'
```
We need a json structure that includes organization context for the group. For single org deployments, maybe the old config should still work?
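As an added illustration of the config shape under discussion (example code, not Coder's own): a Go parser that accepts both the current flat `CODER_OIDC_GROUP_MAPPING` form and an org-scoped form in the same map, normalizing them into org -> OIDC group -> Coder group so single-org deployments keep working. The function names, the nested JSON layout and the "plain string means default org" rule are assumptions, not the project's decided design.

```go
package main

import "encoding/json"
import "fmt"
// GroupMapping is the normalized form: organization -> OIDC group -> Coder group.
type GroupMapping map[string]map[string]string

// ParseGroupMapping accepts the legacy flat form {"oidcGroup": "coderGroup"}, applied
// to defaultOrg, and the org-scoped form {"oidcGroup": {"org": "coderGroup"}}. Mixing
// both in one map lets single-org deployments keep their existing configuration.
func ParseGroupMapping(raw, defaultOrg string) (GroupMapping, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal([]byte(raw), &top); err != nil {
		return nil, fmt.Errorf("parse CODER_OIDC_GROUP_MAPPING: %w", err)
	}
	out := GroupMapping{}
	for oidcGroup, val := range top {
		var flat string
		var scoped map[string]string
		if json.Unmarshal(val, &flat) == nil && flat != "" { // legacy: plain group name
			scoped = map[string]string{defaultOrg: flat}
		} else if json.Unmarshal(val, &scoped) != nil || len(scoped) == 0 {
			// "", null, {}, numbers, arrays: reject rather than silently dropping the entry
			return nil, fmt.Errorf("group %q: want a group name or an org->group object", oidcGroup)
		}
		for org, coderGroup := range scoped {
			if out[org] == nil {
				out[org] = map[string]string{}
			}
			out[org][oidcGroup] = coderGroup
		}
	}
	return out, nil
}

// GroupsForOrg is the per-organization analogue of the flat oidcGroups result: the
// Coder groups a user holding these OIDC groups gets in org, in input order.
func GroupsForOrg(m GroupMapping, org string, oidcGroups []string) []string {
	out := []string{}
	for _, g := range oidcGroups {
		if cg, ok := m[org][g]; ok {
			out = append(out, cg)
		}
	}
	return out
}

func main() {
	m, _ := ParseGroupMapping(`{"myOIDCGroupID": {"default": "everyone"}}`, "default")
	fmt.Println(GroupsForOrg(m, "default", []string{"myOIDCGroupID"})) // [everyone]
}
```

An empty result from `GroupsForOrg` for a given org is exactly the case the issue flags: if membership is driven by groups, that user holds nothing in the org and would be removed from it.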