...
The common denominator for all ways of authentication is that we need to receive the following two values at the very least:
user_id: A unique user id.email: An email address.
With these values the Mediebank is able to identify who each user is, as well as how to contact them.
...
The aforementioned values are the ones that we absolutely require, but in addition to those values we also accept the following:
firstname: The user’s first name.lastname: The user’s last name.mobile: The user’s mobile phone number.picture: The user’s profile picture.groups: An array of strings containing all the groups that a user is a member of.
...
Naturally you do not want every single group in your identity provider to automatically create a new Mediebank organization. The way to solve this is to make sure the group names in your identity provider that grant access to Mediebank organizations are all in the same machine readable format. An example of a machine readable format is: NTBMB.GroupNameHere.
A group with the name NTBMB.GroupNameHere. would automatically create an organization within your Mediebank instance called GroupNameHere. This happens automatically the moment a user with that group logs in to your Mediebank instance.