Configure Groq enterprise SSO, role-based access control, and organization management.
Use when implementing SSO integration, configuring role-based permissions,
or setting up organization-level controls for Groq.
Trigger with phrases like "groq SSO", "groq RBAC",
"groq enterprise", "groq roles", "groq permissions", "groq SAML".
Use the skills CLI to install this skill with one command. Auto-detects all installed AI assistants.
Method 1 - skills CLI
npx skills i jeremylongshore/claude-code-plugins-plus-skills/plugins/saas-packs/groq-pack/skills/groq-enterprise-rbacMethod 2 - openskills (supports sync & update)
npx openskills install jeremylongshore/claude-code-plugins-plus-skillsAuto-detects Claude Code, Cursor, Codex CLI, Gemini CLI, and more. One install, works everywhere.
Installation Path
Download and extract to one of the following locations:
~/.claude/skills/groq-enterprise-rbac/ No setup needed. Let our cloud agents run this skill for you.
Select Model
Claude Sonnet 4.5$0.20/task
Best for coding tasks
No setup required
Groq Enterprise RBAC
Overview
Configure enterprise-grade access control for Groq integrations.
Prerequisites
- Groq Enterprise tier subscription
- Identity Provider (IdP) with SAML/OIDC support
- Understanding of role-based access patterns
- Audit logging infrastructure
Role Definitions
| Role | Permissions | Use Case |
|---|
| Admin | Full access | Platform administrators |
| Developer | Read/write, no delete | Active development |
| Viewer | Read-only | Stakeholders, auditors |
| Service | API access only | Automated systems |
Role Implementation
enum GroqRole {
Admin = 'admin',
Developer = 'developer',
Viewer = 'viewer',
Service = 'service',
}
interface GroqPermissions {
read: boolean;
write
SSO Integration
SAML Configuration
// Groq SAML setup
const samlConfig = {
entryPoint: 'https://idp.company.com/saml/sso',
issuer: 'https://groq.com/saml/metadata',
cert: process.env.SAML_CERT,
callbackUrl: 'https://app.yourcompany.com/auth/groq/callback',
};
// Map IdP groups to Groq roles
const groupRoleMapping: Record<string, GroqRole> =
OAuth2/OIDC Integration
import { OAuth2Client } from '@groq/sdk';
const oauthClient = new OAuth2Client({
clientId: process.env.GROQ_OAUTH_CLIENT_ID!,
clientSecret: process.env.GROQ_OAUTH_CLIENT_SECRET!,
redirectUri: 'https://app.yourcompany.com/auth/groq/callback',
scopes: ['read', 'write'],
});
Organization Management
interface GroqOrganization {
id: string;
name: string;
ssoEnabled: boolean;
enforceSso: boolean;
allowedDomains: string[];
defaultRole: GroqRole;
}
async function createOrganization
Access Control Middleware
function requireGroqPermission(
requiredPermission: keyof GroqPermissions
) {
return async (req: Request, res: Response, next: NextFunction) => {
const user = req.user as { groqRole
Audit Trail
interface GroqAuditEntry {
timestamp: Date;
userId: string;
role: GroqRole;
action: string;
resource: string;
success: boolean;
ipAddress: string;
}
Instructions
Step 1: Define Roles
Map organizational roles to Groq permissions.
Set up SAML or OIDC integration with your IdP.
Step 3: Implement Middleware
Add permission checks to API endpoints.
Step 4: Enable Audit Logging
Track all access for compliance.
Output
- Role definitions implemented
- SSO integration configured
- Permission middleware active
- Audit trail enabled
Error Handling
| Issue | Cause | Solution |
|---|
| SSO login fails | Wrong callback URL | Verify IdP config |
| Permission denied | Missing role mapping | Update group mappings |
| Token expired | Short TTL | Refresh token logic |
| Audit gaps | Async logging failed | Check log pipeline |
Examples
Quick Permission Check
if (!checkPermission(user.role, 'write')) {
throw new ForbiddenError('Write permission required');
}
Resources
Next Steps
For major migrations, see groq-migration-deep-dive.
:
boolean
;
delete: boolean;
admin: boolean;
}
const ROLE_PERMISSIONS: Record<GroqRole, GroqPermissions> = {
admin: { read: true, write: true, delete: true, admin: true },
developer: { read: true, write: true, delete: false, admin: false },
viewer: { read: true, write: false, delete: false, admin: false },
service: { read: true, write: true, delete: false, admin: false },
};
function checkPermission(
role: GroqRole,
action: keyof GroqPermissions
): boolean {
return ROLE_PERMISSIONS[role][action];
}
{
'Engineering': GroqRole.Developer,
'Platform-Admins': GroqRole.Admin,
'Data-Team': GroqRole.Viewer,
};
(
config: GroqOrganization
): Promise<void> {
await groqClient.organizations.create({
...config,
settings: {
sso: {
enabled: config.ssoEnabled,
enforced: config.enforceSso,
domains: config.allowedDomains,
},
},
});
}
:
GroqRole
};
if (!checkPermission(user.groqRole, requiredPermission)) {
return res.status(403).json({
error: 'Forbidden',
message: `Missing permission: ${requiredPermission}`,
});
}
next();
};
}
// Usage
app.delete('/groq/resource/:id',
requireGroqPermission('delete'),
deleteResourceHandler
);
async function logGroqAccess(entry: GroqAuditEntry): Promise<void> {
await auditDb.insert(entry);
// Alert on suspicious activity
if (entry.action === 'delete' && !entry.success) {
await alertOnSuspiciousActivity(entry);
}
}