Default user groups from ldap


I have some trouble getting the default organization and location for new
users using ipa authentication.

My foreman is connected to ipa and the checkbox for creating new users in
foreman automatically is checked.
I've created a local group ipausers which maps to an external IPA group
ipausers. The IPA group includes all users, which should connect to foreman
and view all content in foreman.

The local usergroup ipausers includes the roles Task Reader, view hosts and

If I log into foreman with an account from this usergroup, I can see all
hosts and everything within the infrastructure tab, but I cannot see the
configurations without the organization or location view, because I cannot
choose an organization. (for example I cannot see products or lifecycle

I can change the environment and location per user, but I cannot find this
for a group.

How can I configure foreman so that each user from IPA group ipausers can
log in to foreman and automatically join the organization x and location

Kind regards,

Have you found a solution?
I don’t want to assign orgs and locations manually. It defeats the purpose of using IPA.