Reputation: 493
SCIM 2.0 and external AD groups
We implemented SCIM for an enterprise app and it is working fine. We were told that we could add external AD groups to allow our partners users to be able to access the app as well. For example, Company A (us) uses Azure AD and wants to add a specific AD group from Company B (different network/domain) to be provisioned in the app. I was told this was possible, but I can't find documentation on setup of external groups.
I may have the terminology wrong which is probably not helping.
Any directions to documentation or examples would be appreciated.
Thanks.
Upvotes: 0
Views: 160
Answers (1)
Reputation: 912
Groups can only be provisioned/assigned to an application if they are managed in the same Azure AD tenant as the application that is configured to do provisioning. You can create a group in your Azure AD tenant and populate it with external/guest users as members - in that case, the group will be managed by your organization's tenant, but the members will be guests homed in another tenant.
Upvotes: 0
Related Questions
- Azure AD: how to key users when using OIDC and SCIM
- Azure AD SCIM client implementation - Users/Groups clarification
- Azure Active Directory SCIM: Deprovision member of a group not working
- Snowflake SCIM - AzureAD groups to link with local groups
- Get groups of user during provisioning on Enterprise application in Azure AD
- SCIM endpoint. Error when testing from Azure AD
- Patch request in SCIM with Azure AD
- Azure AD Self Service Group Management
- provisioning using SCIM
- Azure AD User Provisioning with SCIM 2.0