We are running Retool version 3.4.2 using the Docker image on-premise. I am trying to set up SAML group sync ("Sync SAML group memberships" in the Retool Docs) with environment variables. I have set the following environment variables and restarted the service:
export SAML_SYNC_GROUP_CLAIMS=true
export SAML_GROUPS_ATTRIBUTE=groups
export LDAP_ROLE_MAPPING=retool-dev_admins -> admin, retool-dev_editors -> editor, retool-dev_viewers -> viewer
I am able to log in with SSO, and in the container logs it does see the groups in the SAML assertion:
[SAML] - Received SAML Login Response, parsing...
{"level":"info","message":"[getOrgFromHost] check for on prem org","timestamp":"2024-06-11T19:13:29.620Z"}
[SAML] - Validating response...
[SAML] - Validated response, and received the following attributes {
  firstName: '...',
  lastName: '...',
  email: '...',
  groups: [ 'retool-dev_admins', 'retool-dev_viewers' ]
}
However, I don't have the admin role when I sign in with SSO, and I don't see anything else in the logs like:
[LDAP] - Translating LDAP groups to Retool group names
Is there maybe an environment variable I'm missing or misconfigured?
Thanks