Group membership assignment via SAML using Azure AD

1490
7
Jump to solution
03-31-2019 03:43 PM
AnthonyRyanEQL
Occasional Contributor III

Hi there,

I am having trouble finding information about how to setup Azure AD to manage user membership via groups. We have the corporate AD groups & users syncing to Azure AD and we also have enterprise logins via IDP working too. Enable group memebership within the IDP setting has been enabled too.

A Portal group has been created with the enterprise group name filled out with the name of the corporate AD group that has been synced to Azure AD but with no luck with user membership.

Could someone please point me in the right direction.

Thanks

0 Kudos
1 Solution

Accepted Solutions
AnthonyRyanEQL
Occasional Contributor III

The claims section in Azure AD was altered and now showing in the format of <domain>/<groupname> which works a treat.

View solution in original post

0 Kudos
7 Replies
JamesDiaz1
New Contributor

Hey im also in the process of setting this up, so far i got the user to login to work using this guide Tutorial: Azure Active Directory integration with ArcGIS Enterprise | Microsoft Docs, but when i create a portal group with the enterprise group name the users cant see the content shared to the group. Hope the link helps.

0 Kudos
AnthonyRyanEQL
Occasional Contributor III

James,

Same here. Users logging in no problems but that portal group linkage is a mystery 

0 Kudos
JamesDiaz1
New Contributor

have you checked your saml response headers? ours are returning the azure ad enterprise group ID but still no dice.

0 Kudos
JamesDiaz1
New Contributor

Hey Anthony just an update, on azure ad get the group object ID and add the enterprise group on portal, that seems to have done the trick on my end.

0 Kudos
AnthonyRyanEQL
Occasional Contributor III

James,

Thanks for the info. This is the part of the SAML response when I log in relating to groups.

 I'm getting my Azure admin person to tell me what the names of the GUIDs are.

0 Kudos
AnthonyRyanEQL
Occasional Contributor III

The claims section in Azure AD was altered and now showing in the format of <domain>/<groupname> which works a treat.

0 Kudos
SatheeshSubramanian
New Contributor

Hi Anthony,

Could you please elaborate exactly where the changes are made in the Azure AD end to fix this issue?

We are also facing the same issue and trying to fix it.

Thanks,

Satheesh Subramanian

0 Kudos