Viacheslav Luschinskiy
Reputation: 1407
Getting Azure AD groups of authenticated user via Google Identity-Aware Proxy -> SAML -> Azure AD
We have two clouds:
- GCP for our apps
- Azure for user management
I need to set up a role based auth in my GCP hosted app based on the user groups he is assigned to in the Azure Active Directory. So I need to get the AD groups somehow.
The standard setup via IAP and SAML will return me a user email via x-goog-authenticated-user-email header. This is not enough as I also need AD groups.
I have found some feature called SAML attribute propagation which sounds like an option but I am not sure. There is no configuration example for this case.
Has anyone ever did that?
Upvotes: 1
Views: 178
Answers (0)
Related Questions
- How to get group membership or roles from a Google Apps SAML2 Identity Provider
- How can I get user's group memberships included in the id token
- Cannot find AAD group using Identities ADO API
- Azure AD: How to get group information in token?
- How to get user groups or roles from Identity Aware Proxy in a MERN stack app
- How to get user group information from Azure AD B2C
- List all groups of a user in Azure Active directory using the Azure API call
- Is it possible to get user group membership from Google Cloud Identity Aware Proxy generated token
- Get a list of groups that Azure AD user belongs to in claims
- Authentication Process Get Azure AD group the user is a member of and do logic