Attributes vs groups in JWT authentication

Hi all,

we want to authenticate users with JWT. This article neatly described thats: The beginning is clear, however the groups area is somewhat unclear. Can there be only one group? multiple in a list? and my question is how to use the groups as the next article on sandboxing talks about attributes and not groups:

My use case: determine from JWT to which organization someone belongs based on a property (and connect to different database based on organization) and based on an organizational Unit name property and role (e.g. user, manager, admin) limit access to specific parts of a table with Sandboxing.

Any tips on how this really works would be awesome!

Hi @rickgoud
You should be using the support email, when using the Enterprise Edition - also in trial.
Any other properties you include in the JWT should be synced to core_user.login_attributes, which are accessible via sandboxing.
Sandboxing uses attributes from the user to limit the data at row/column level. You use groups to limit access to specific databases/tables.
It’s some of the most complicated parts you’re playing with, so fair enough if it is a little confusing :wink:

Thanks! Will give it a go. Thanks for the great speed again @flamber!