Hi there,
I am having trouble finding information about how to set up Azure AD to manage user membership via groups. We have the corporate AD groups & users syncing to Azure AD and we also have enterprise logins via IDP working too. Enable group membership within the IDP setting has been enabled too.
A Portal group has been created with the enterprise group name filled out with the name of the corporate AD group that has been synced to Azure AD but with no luck with user membership.
Could someone please point me in the right direction.
Thanks
Hey, I'm also in the process of setting this up. So far I got the user login to work using this guide, Tutorial: Azure Active Directory integration with ArcGIS Enterprise | Microsoft Docs, but when I create a portal group with the enterprise group name the users can't see the content shared to the group. Hope the link helps.
James,
Same here. Users logging in no problems but that portal group linkage is a mystery.
Have you checked your SAML response headers? Ours are returning the Azure AD enterprise group ID but still no dice.
Hey Anthony, just an update: on Azure AD get the group object ID and add the enterprise group on portal, that seems to have done the trick on my end.
James,
Thanks for the info. This is the part of the SAML response when I log in relating to groups.
I'm getting my Azure admin person to tell me what the names of the GUIDs are.
The claims section in Azure AD was altered and now showing in the format of <domain>/<groupname> which works a treat.
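For anyone debugging the same mismatch, here is an added example (not code from any poster in this thread) that reads the groups claim out of a decoded SAML assertion and reports whether it carries object IDs or names, and whether it contains the value typed into the portal group's enterprise group name. The claim URI is the standard Azure AD groups claim name; the sample assertions, the GUID and `CORP/GIS-Editors` are constructed, and exact string matching is an assumption about how the portal compares values.

```python
import re
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample: groups claim emitted as Azure AD object IDs.
SAMPLE_GUIDS = f"""<saml:Assertion xmlns:saml="{SAML_ASSERTION_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: same claim after switching to <domain>/<groupname>.
SAMPLE_NAMES = SAMPLE_GUIDS.replace(
    "11111111-2222-3333-4444-555555555555", "CORP/GIS-Editors")


def group_claim_values(assertion_xml):
    """Return every value of the groups claim found in the XML.

    Diagnostic only: this does not verify the assertion's signature.
    Feed it a response captured from your own login trace.
    """
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{SAML_ASSERTION_NS}}}Attribute"):
        if attr.get("Name") != GROUPS_CLAIM:
            continue
        for val in attr.findall(f"{{{SAML_ASSERTION_NS}}}AttributeValue"):
            if val.text and val.text.strip():
                values.append(val.text.strip())
    return values


def check_portal_group(assertion_xml, enterprise_group_name):
    """Return (claim_format, matched) for one portal enterprise group name."""
    values = group_claim_values(assertion_xml)
    if not values:
        return ("missing", False)  # no groups claim is being sent at all
    fmt = "object-id" if all(GUID_RE.match(v) for v in values) else "name"
    return (fmt, enterprise_group_name in values)


if __name__ == "__main__":
    print(check_portal_group(SAMPLE_GUIDS, "CORP/GIS-Editors"))
    print(check_portal_group(SAMPLE_NAMES, "CORP/GIS-Editors"))
```

A result of `("object-id", False)` means the claim carries GUIDs while the portal group was given a name, which is the mismatch this thread is about.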
Hi Anthony,
Could you please elaborate exactly where the changes are made in the Azure AD end to fix this issue?
We are also facing the same issue and trying to fix it.
Thanks,
Satheesh Subramanian