coder
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 76 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 76 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 70 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 70 additions & 0 deletions
diff --git a/‎coderd/idpsync/idpsync.go
Lines changed: 4 additions & 1 deletion b/‎coderd/idpsync/idpsync.go
Lines changed: 4 additions & 1 deletion
diff --git a/‎coderd/idpsync/organization.go
Lines changed: 1 addition & 1 deletion b/‎coderd/idpsync/organization.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/runtimeconfig/resolver.go
Lines changed: 6 additions & 0 deletions b/‎coderd/runtimeconfig/resolver.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/telemetry/telemetry_test.go
Lines changed: 1 addition & 1 deletion b/‎coderd/telemetry/telemetry_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎codersdk/idpsync.go
Lines changed: 27 additions & 0 deletions b/‎codersdk/idpsync.go
Lines changed: 27 additions & 0 deletions
diff --git a/‎docs/reference/api/enterprise.md
Lines changed: 66 additions & 0 deletions b/‎docs/reference/api/enterprise.md
Lines changed: 66 additions & 0 deletions
diff --git a/‎docs/reference/api/schemas.md
Lines changed: 30 additions & 0 deletions b/‎docs/reference/api/schemas.md
Lines changed: 30 additions & 0 deletions
@@ -26,7 +26,7 @@ import (
 type IDPSync interface {
 	OrganizationSyncEntitled() bool
 	OrganizationSyncSettings(ctx context.Context, db database.Store) (*OrganizationSyncSettings, error)
-	UpdateOrganizationSettings(ctx context.Context, db database.Store, settings OrganizationSyncSettings) error
+	UpdateOrganizationSyncSettings(ctx context.Context, db database.Store, settings OrganizationSyncSettings) error
 	// OrganizationSyncEnabled returns true if all OIDC users are assigned
 	// to organizations via org sync settings.
 	// This is used to know when to disable manual org membership assignment.
@@ -70,6 +70,9 @@ type IDPSync interface {
 	SyncRoles(ctx context.Context, db database.Store, user database.User, params RoleParams) error
 }
 
+// AGPLIDPSync implements the IDPSync interface
+var _ IDPSync = AGPLIDPSync{}
+
 // AGPLIDPSync is the configuration for syncing user information from an external
 // IDP. All related code to syncing user information should be in this package.
 type AGPLIDPSync struct {
 
@@ -34,7 +34,7 @@ func (AGPLIDPSync) OrganizationSyncEnabled(_ context.Context, _ database.Store)
 	return false
 }
 
-func (s AGPLIDPSync) UpdateOrganizationSettings(ctx context.Context, db database.Store, settings OrganizationSyncSettings) error {
+func (s AGPLIDPSync) UpdateOrganizationSyncSettings(ctx context.Context, db database.Store, settings OrganizationSyncSettings) error {
 	rlv := s.Manager.Resolver(db)
 	err := s.SyncSettings.Organization.SetRuntimeValue(ctx, rlv, &settings)
 	if err != nil {
 
@@ -12,6 +12,9 @@ import (
 	"github.com/coder/coder/v2/coderd/database"
 )
 
+// NoopResolver implements the Resolver interface
+var _ Resolver = &NoopResolver{}
+
 // NoopResolver is a useful test device.
 type NoopResolver struct{}
 
@@ -31,6 +34,9 @@ func (NoopResolver) DeleteRuntimeConfig(context.Context, string) error {
 	return ErrEntryNotFound
 }
 
+// StoreResolver implements the Resolver interface
+var _ Resolver = &StoreResolver{}
+
 // StoreResolver uses the database as the underlying store for runtime settings.
 type StoreResolver struct {
 	db Store
 
@@ -295,7 +295,7 @@ func TestTelemetry(t *testing.T) {
 		org, err := db.GetDefaultOrganization(ctx)
 		require.NoError(t, err)
 		sync := idpsync.NewAGPLSync(testutil.Logger(t), runtimeconfig.NewManager(), idpsync.DeploymentSyncSettings{})
-		err = sync.UpdateOrganizationSettings(ctx, db, idpsync.OrganizationSyncSettings{
+		err = sync.UpdateOrganizationSyncSettings(ctx, db, idpsync.OrganizationSyncSettings{
 			Field: "organizations",
 			Mapping: map[string][]uuid.UUID{
 				"first": {org.ID},
 
@@ -12,6 +12,13 @@ import (
 	"golang.org/x/xerrors"
 )
 
+type IDPSyncMapping[ResourceIdType uuid.UUID | string] struct {
+	// The IdP claim the user has
+	Given string
+	// The ID of the Coder resource the user should be added to
+	Gets ResourceIdType
+}
+
 type GroupSyncSettings struct {
 	// Field is the name of the claim field that specifies what groups a user
 	// should be in. If empty, no groups will be synced.
@@ -137,6 +144,26 @@ func (c *Client) PatchOrganizationIDPSyncSettings(ctx context.Context, req Organ
 	return resp, json.NewDecoder(res.Body).Decode(&resp)
 }
 
+// If the same mapping is present in both Add and Remove, Remove will take presidence.
+type PatchOrganizationIDPSyncMappingRequest struct {
+	Add    []IDPSyncMapping[uuid.UUID]
+	Remove []IDPSyncMapping[uuid.UUID]
+}
+
+func (c *Client) PatchOrganizationIDPSyncMapping(ctx context.Context, req PatchOrganizationIDPSyncMappingRequest) (OrganizationSyncSettings, error) {
+	res, err := c.Request(ctx, http.MethodPatch, "/api/v2/settings/idpsync/organization/mapping", req)
+	if err != nil {
+		return OrganizationSyncSettings{}, xerrors.Errorf("make request: %w", err)
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != http.StatusOK {
+		return OrganizationSyncSettings{}, ReadBodyAsError(res)
+	}
+	var resp OrganizationSyncSettings
+	return resp, json.NewDecoder(res.Body).Decode(&resp)
+}
+
 func (c *Client) GetAvailableIDPSyncFields(ctx context.Context) ([]string, error) {
 	res, err := c.Request(ctx, http.MethodGet, "/api/v2/settings/idpsync/available-fields", nil)
 	if err != nil {
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ func (AGPLIDPSync) OrganizationSyncEnabled(_ context.Context, _ database.Store)`
`34`	`34`	`return false`
`35`	`35`	`}`
`36`	`36`
`37`		`-func (s AGPLIDPSync) UpdateOrganizationSettings(ctx context.Context, db database.Store, settings OrganizationSyncSettings) error {`
	`37`	`+func (s AGPLIDPSync) UpdateOrganizationSyncSettings(ctx context.Context, db database.Store, settings OrganizationSyncSettings) error {`
`38`	`38`	`rlv := s.Manager.Resolver(db)`
`39`	`39`	`err := s.SyncSettings.Organization.SetRuntimeValue(ctx, rlv, &settings)`
`40`	`40`	`if err != nil {`