Need help restricting target visibility per org in Boundary

Hi everyone,

I’m currently facing a scoping issue in Boundary in a multi-organization setup using OIDC authentication.

Each organization has its own OIDC auth method, connected to a specific group from an external identity provider (via Keycloak). Managed groups are mapped accordingly, and roles are assigned at the organization level to give access only to relevant targets.

The goal is straightforward: when a user authenticates via Org A’s OIDC, they should only see and access the targets under Org A — not the ones from Org B, Org C, or any other organization. Also, they should not see the scopes (organizations or projects) they don’t belong to.

However, after authentication, users still see all other organizations and their targets, despite having scoped roles and grants defined only for their own org.

What I’ve tried:

  • Setting roles with grants like type=target;actions=read,list,authorize-session scoped to this and children.
  • Removing broader global grants where possible.
  • Verifying managed group mapping via OIDC claims.

Still, the issue persists, and I’m suspecting some inherited permissions — maybe from global roles or a misconfigured grant scope elsewhere.

Has anyone successfully locked down access so that users only see what belongs to their org? Any feedback or guidance would be greatly appreciated.

Thanks in advance!
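Added example for the audit step the post describes (this is not code from the poster or from Boundary; it models how Boundary evaluates grants, and the role records and ids are constructed to resemble items from `boundary roles list -recursive -format json`, which is an assumption about the output shape). The part worth checking first is the global scope: Boundary filters list results down to items the principal holds at least one action on, and `no-op` counts, so a wildcard `ids=*;type=scope;actions=list,no-op` at global with a `descendants` grant scope is enough to make every org and project appear for every authenticated user (`u_auth`), regardless of how tightly the org-level roles are written. The script expands `this`/`children`/`descendants`, resolves which scopes each role exposes to a given managed group, and reports anything outside that group's home org; it does not evaluate OIDC claims, so the managed group id is passed in directly.

```python
"""
Audit Boundary role grants for cross-organization visibility.

Added example, not code from the original post or from Boundary.
Assumption: role records are shaped like items from
`boundary roles list -recursive -format json` (id, scope_id,
grant_scope_ids, grant_strings, principal_ids). All ids are made up.
"""
import json

# Constructed scope tree: scope id -> parent scope id (None for global).
SCOPES = {
    "global": None,
    "o_orgA0000000": "global",
    "o_orgB0000000": "global",
    "p_projA000000": "o_orgA0000000",
    "p_projB000000": "o_orgB0000000",
}

# Boundary's built-in principal that stands for every authenticated user.
U_AUTH = "u_auth"

# Constructed roles: a global login-style role, a leftover global target role,
# and one per-org role bound to that org's OIDC managed group.
ROLES = json.loads("""
[
  {"id": "r_login0000000", "scope_id": "global",
   "grant_scope_ids": ["this", "descendants"],
   "principal_ids": ["u_auth"],
   "grant_strings": ["ids=*;type=scope;actions=list,no-op",
                     "ids=*;type=auth-method;actions=authenticate,list"]},
  {"id": "r_stale0000000", "scope_id": "global",
   "grant_scope_ids": ["descendants"],
   "principal_ids": ["u_auth"],
   "grant_strings": ["ids=*;type=target;actions=read,list,authorize-session"]},
  {"id": "r_orgA00000000", "scope_id": "o_orgA0000000",
   "grant_scope_ids": ["this", "children"],
   "principal_ids": ["mgoidc_orgA000"],
   "grant_strings": ["ids=*;type=target;actions=read,list,authorize-session"]},
  {"id": "r_orgB00000000", "scope_id": "o_orgB0000000",
   "grant_scope_ids": ["this", "children"],
   "principal_ids": ["mgoidc_orgB000"],
   "grant_strings": ["ids=*;type=target;actions=read,list,authorize-session"]}
]
""")


def parse_grant(grant):
    """Split a grant string ('ids=*;type=target;actions=read,list') into fields."""
    fields = {}
    for part in grant.split(";"):
        key, _, value = part.partition("=")
        if key:
            fields[key.strip()] = value.strip()
    fields["actions"] = {a for a in fields.get("actions", "").split(",") if a}
    return fields


def children(scope_id):
    return {s for s, parent in SCOPES.items() if parent == scope_id}


def descendants(scope_id):
    out, frontier = set(), children(scope_id)
    while frontier:
        out |= frontier
        frontier = {c for s in frontier for c in children(s)}
    return out


def resolve_grant_scopes(role):
    """Expand this/children/descendants (or explicit scope ids) into concrete scope ids."""
    resolved = set()
    for gs in role.get("grant_scope_ids", ["this"]):
        if gs == "this":
            resolved.add(role["scope_id"])
        elif gs == "children":
            resolved |= children(role["scope_id"])
        elif gs == "descendants":
            resolved |= descendants(role["scope_id"])
        else:
            resolved.add(gs)
    return resolved


def exposes(grant, resource_type):
    """Wildcard grant on resource_type with any action (even no-op): every item of
    that type in the grant's scopes shows up in list results. Explicit ids are not
    flagged here; they name one resource and are easy to review by hand."""
    g = parse_grant(grant)
    return g.get("ids") == "*" and g.get("type") in (resource_type, "*") and bool(g["actions"])


def exposed_scopes(roles, principal_id, resource_type):
    """Map scope id -> role ids that expose resource_type there to principal_id.
    For type=scope, a grant at scope S exposes S's children (listing S returns them)."""
    out = {}
    for role in roles:
        principals = role.get("principal_ids", [])
        if principal_id not in principals and U_AUTH not in principals:
            continue
        if not any(exposes(g, resource_type) for g in role.get("grant_strings", [])):
            continue
        for s in resolve_grant_scopes(role):
            for t in (children(s) if resource_type == "scope" else {s}):
                out.setdefault(t, set()).add(role["id"])
    return out


def cross_org_exposure(roles, principal_id, home_org, resource_type="target"):
    """Scopes outside home_org's subtree where principal_id can see resource_type."""
    allowed = {home_org} | descendants(home_org)
    return {s: r for s, r in exposed_scopes(roles, principal_id, resource_type).items()
            if s not in allowed}


if __name__ == "__main__":
    for kind in ("target", "scope"):
        leak = cross_org_exposure(ROLES, "mgoidc_orgA000", "o_orgA0000000", kind)
        for scope, role_ids in sorted(leak.items()):
            print(f"{kind:6} visible in {scope} via {', '.join(sorted(role_ids))}")
```

Run against the constructed data, Org A's managed group is shown Org B's targets through the leftover global target role and Org B's scopes through the global login role; removing the stale role clears the target exposure, but the scope listing stays until the global `ids=*;type=scope` grant is replaced by per-org grants (for example `ids=o_orgA0000000;type=scope;actions=no-op` at global for Org A's group only, plus `list` on scopes at global, which is a pattern to verify against your Boundary version's documentation rather than something this script enforces).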