groq-enterprise-rbac
Configure Groq enterprise SSO, role-based access control, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls for Groq. Trigger with phrases like "groq SSO", "groq RBAC", "groq enterprise", "groq roles", "groq permissions", "groq SAML".
Installation
Details
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
skills listSkill Instructions
name: groq-enterprise-rbac description: | Configure Groq enterprise SSO, role-based access control, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls for Groq. Trigger with phrases like "groq SSO", "groq RBAC", "groq enterprise", "groq roles", "groq permissions", "groq SAML". allowed-tools: Read, Write, Edit version: 1.0.0 license: MIT author: Jeremy Longshore jeremy@intentsolutions.io
Groq Enterprise RBAC
Overview
Configure enterprise-grade access control for Groq integrations.
Prerequisites
- Groq Enterprise tier subscription
- Identity Provider (IdP) with SAML/OIDC support
- Understanding of role-based access patterns
- Audit logging infrastructure
Role Definitions
| Role | Permissions | Use Case |
|---|---|---|
| Admin | Full access | Platform administrators |
| Developer | Read/write, no delete | Active development |
| Viewer | Read-only | Stakeholders, auditors |
| Service | API access only | Automated systems |
Role Implementation
enum GroqRole {
Admin = 'admin',
Developer = 'developer',
Viewer = 'viewer',
Service = 'service',
}
interface GroqPermissions {
read: boolean;
write: boolean;
delete: boolean;
admin: boolean;
}
const ROLE_PERMISSIONS: Record<GroqRole, GroqPermissions> = {
admin: { read: true, write: true, delete: true, admin: true },
developer: { read: true, write: true, delete: false, admin: false },
viewer: { read: true, write: false, delete: false, admin: false },
service: { read: true, write: true, delete: false, admin: false },
};
function checkPermission(
role: GroqRole,
action: keyof GroqPermissions
): boolean {
return ROLE_PERMISSIONS[role][action];
}
SSO Integration
SAML Configuration
// Groq SAML setup
const samlConfig = {
entryPoint: 'https://idp.company.com/saml/sso',
issuer: 'https://groq.com/saml/metadata',
cert: process.env.SAML_CERT,
callbackUrl: 'https://app.yourcompany.com/auth/groq/callback',
};
// Map IdP groups to Groq roles
const groupRoleMapping: Record<string, GroqRole> = {
'Engineering': GroqRole.Developer,
'Platform-Admins': GroqRole.Admin,
'Data-Team': GroqRole.Viewer,
};
OAuth2/OIDC Integration
import { OAuth2Client } from '@groq/sdk';
const oauthClient = new OAuth2Client({
clientId: process.env.GROQ_OAUTH_CLIENT_ID!,
clientSecret: process.env.GROQ_OAUTH_CLIENT_SECRET!,
redirectUri: 'https://app.yourcompany.com/auth/groq/callback',
scopes: ['read', 'write'],
});
Organization Management
interface GroqOrganization {
id: string;
name: string;
ssoEnabled: boolean;
enforceSso: boolean;
allowedDomains: string[];
defaultRole: GroqRole;
}
async function createOrganization(
config: GroqOrganization
): Promise<void> {
await groqClient.organizations.create({
...config,
settings: {
sso: {
enabled: config.ssoEnabled,
enforced: config.enforceSso,
domains: config.allowedDomains,
},
},
});
}
Access Control Middleware
function requireGroqPermission(
requiredPermission: keyof GroqPermissions
) {
return async (req: Request, res: Response, next: NextFunction) => {
const user = req.user as { groqRole: GroqRole };
if (!checkPermission(user.groqRole, requiredPermission)) {
return res.status(403).json({
error: 'Forbidden',
message: `Missing permission: ${requiredPermission}`,
});
}
next();
};
}
// Usage
app.delete('/groq/resource/:id',
requireGroqPermission('delete'),
deleteResourceHandler
);
Audit Trail
interface GroqAuditEntry {
timestamp: Date;
userId: string;
role: GroqRole;
action: string;
resource: string;
success: boolean;
ipAddress: string;
}
async function logGroqAccess(entry: GroqAuditEntry): Promise<void> {
await auditDb.insert(entry);
// Alert on suspicious activity
if (entry.action === 'delete' && !entry.success) {
await alertOnSuspiciousActivity(entry);
}
}
Instructions
Step 1: Define Roles
Map organizational roles to Groq permissions.
Step 2: Configure SSO
Set up SAML or OIDC integration with your IdP.
Step 3: Implement Middleware
Add permission checks to API endpoints.
Step 4: Enable Audit Logging
Track all access for compliance.
Output
- Role definitions implemented
- SSO integration configured
- Permission middleware active
- Audit trail enabled
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| SSO login fails | Wrong callback URL | Verify IdP config |
| Permission denied | Missing role mapping | Update group mappings |
| Token expired | Short TTL | Refresh token logic |
| Audit gaps | Async logging failed | Check log pipeline |
Examples
Quick Permission Check
if (!checkPermission(user.role, 'write')) {
throw new ForbiddenError('Write permission required');
}
Resources
Next Steps
For major migrations, see groq-migration-deep-dive.
More by jeremylongshore
View allOauth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler, oauth callback handler Part of the API Integration skill category.
Rabbitmq Queue Setup - Auto-activating skill for Backend Development. Triggers on: rabbitmq queue setup, rabbitmq queue setup Part of the Backend Development skill category.
evaluating-machine-learning-models: This skill allows Claude to evaluate machine learning models using a comprehensive suite of metrics. It should be used when the user requests model performance analysis, validation, or testing. Claude can use this skill to assess model accuracy, precision, recall, F1-score, and other relevant metrics. Trigger this skill when the user mentions "evaluate model", "model performance", "testing metrics", "validation results", or requests a comprehensive "model evaluation".
building-neural-networks: This skill allows Claude to construct and configure neural network architectures using the neural-network-builder plugin. It should be used when the user requests the creation of a new neural network, modification of an existing one, or assistance with defining the layers, parameters, and training process. The skill is triggered by requests involving terms like "build a neural network," "define network architecture," "configure layers," or specific mentions of neural network types (e.g., "CNN," "RNN," "transformer").