I’m trying to setup owncloud with single sign on using Authentik. I have it working for normal users. There is a feature that allows automatic role assignment to users so that admin users from authentik become admin users for owncloud.
This is described here: https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html#automatic-role-assignments.
In this document, they describe having attributes like
- role_name: admin
  claim_value: ocisAdmin
The problem I have is I don’t know how to input this information into an Authentik user. As a result, owncloud is giving me this error:
ERR Error mapping role names to role ids error="no roles in user claims" line=github.com/owncloud/ocis/v2/services/proxy/pkg/userroles/oidcroles.go:84 request-id=5a6d0e69-ad1b-4479-b2d9-30d4b4afb8f2 service=proxy userid=05b283cd-606c-424f-ae67-5d0016f2152c
Any authentik experts out there?
I tried putting this under the attributes section of the user profile in authentik:
role_name: admin
claim_value: ocisAdmin
It doesn’t work and it won’t let me format YAML like the documentation where the claim_value is a child of the role_name.


Roles in authentik are for permissions in authentik. You want a group instead. Group memberships are send via OIDC.
tried this, created a group called ocisAdmin and added the admin user to it, it still gives the same error. Seems like I need to define a proxy.yaml file in owncloud with the roles, I did this and it still doesn’t work.
In the oidc provider in authentik you have to enable sending the groups. I forgot what its called.