Generic permissions mapping engine

Problem Statement

Permission management and automation is a common need for large instances. When adding a new member on an instance, I want to automatically add them to the projects and groups they need to be successful.

We have LDAP, but we have other ways (or plan on adding more methods) to make this type of automation easier (SAML, group/project sharing, add members based on email, etc). Instead of having these features fragmented, we should consolidate them into a single user permissions mapping engine and allow an administrator/group owner to set the exact level of automation they're looking for.

Okta does this with if-then logic that I think is a nice approach:

Reach

Impact

Confidence

Effort