I have created an Azure app and followed the procedures from the Metallic document for the SAML integration.
I have added one group in the Azure app and tested; it doesn't work. I have added a user in the Azure app and created the same user in Metallic as an external user, and it worked.
What is the procedure to add an external group of Azure AD to Metallic?
I have tried to add a local group with the same name as the Azure AD group, but I don't find any option to add role and permission for that group as tenant user or admin.
All I can see is associated entities, where I get to add certain roles. Can someone clarify the exact steps to follow?
Best answer by Michael Woodward
Philipp Swoboda wrote:
good luck 😀
We have implemented on 2 of 5 CommCells this week so far; we have also gotten around the nested group issue by using dynamic groups in Azure.
Basically, the Enterprise App has Azure native groups as members, but these are dynamic groups which then have a rule defined like below:
That should outline everything needed to get this up and running for you. If you have any further questions or issues, feel free to reach out to our Customer Support team via Chat!
This should help with the custom attribute for user group mapping. Since then I’ve found that if you enable Emit group name for cloud-only groups (preview), you can then have groups that have the friendly name and not the GUID of the group.
Hello, we have the same issues with SAML, and we have an open ticket on the topic of nested groups. Our customers want to have groups in groups which have access to the SAML application, which does not work at the moment.
I’m about to deploy AzureAD based SAML for an organisation and my plan was to have AzureAD native groups as members of the App and on-prem sync’d groups as members of the AzureAD groups so we can mirror the current RBAC roles without re-architecting the whole thing.
We had a session with support today. When you add a group with direct members it works fine, but when you add a group which has a member group, and this has the user content, it doesn't work.
I personally think when you add a synced group from your normal AD it will work as long as there are users in it and not groups and groups.