Home
A Nextcloud app that maps multiple OIDC token claims to Nextcloud groups via configurable rules. Works with any identity provider through the user_oidc app.
With user_oidc alone, you can map one claim to groups (via the mappingGroups setting). But real-world identity providers often spread group-relevant information across multiple claims — roles, departments, organization, flags, etc.
This app lets you define rules that map any number of claims to Nextcloud groups:
| Without this app | With this app |
|---|---|
| 1 claim → groups | N claims → groups via configurable rules |
roles → ["admin", "editor"]
|
department → Engineering
|
roles → role_admin, role_editor
|
|
organization → Staff (via lookup table) |
|
userType == INTERNAL → Internal-Users
|
- Vue admin UI — visual rule editor with drag-and-drop reorder, raw JSON editor, and claim simulator
- 5 rule types — direct, prefix, map, conditional, template
- Dot-notation claim paths — access any nested token field
- Additive or replace mode — merge with or override existing groups
- REST API — manage rules programmatically via OCS endpoints
- OCC commands — list, set, and test rules from the CLI
- Dark mode — full support for Nextcloud dark and light themes
| I want to... | Go to |
|---|---|
| Install the app | Installation |
| Set up my first rules | Getting Started |
| Understand all rule types in detail | Rule Types Reference |
| Manage rules via CLI | OCC Commands |
| Automate rule management | REST API |
| Configure modes and advanced options | Configuration Reference |
| Fix something that isn't working | Troubleshooting |
| Component | Version |
|---|---|
| Nextcloud | 29 – 32 |
| PHP | 8.1+ |
| user_oidc | Installed and enabled |