The user's association with the returned groups is not permanent when the "Auto Associate Groups" SAML feature is enabled in Artifactory. This indicates that the group association will be deleted once the user logs out of the UI or when the session expires, and it will only be active for the duration of the current browser login session.
To make the group association persistent when using REST API as well as the UI, it is required to implement one of the following approaches:
- For each group that exists in your SAML provider, manually add the users to the group with the same name in Artifactory. After adding the users to the groups, assign the groups to the permission targets in Artifactory to make sure these users and groups are associated with the relevant permissions.
- Another approach is setting up SCIM, which allows receiving updates regarding users and groups from your Identity Provider. The JFrog Platform implements the subset of SCIM 2.0 endpoints allowing to create, update (limited, you cannot rename a user/group), disable or delete groups and users in addition to other scenarios for managing users, groups and the association between them through your Identity Provider.
For more information about SAML SSO and SCIM configurations, please see the following documentation:
SAML SSO Configuration
SCIM
How to sync your Azure AD SAML groups with JFrog
ARTIFACTORY: How to configure JFrog Artifactory SCIM with Azure Active Directory
Managing Users and Groups with SCIM in the JFrog Platform