Is it possible map the Roles for Azure-AD-groups

I can able to map the individual mail ID, but it’s possible to map the Role for Azure-groups

@Bhanu What version of OS or ODFE are you currently running? Is it SAML or OpenID authentication?

1 Like

OpenSearch version : 1.2.4"
Authentication type : SAML


Do you find solution ?
I have the same problem.
Works fine using email but not using group name ou group id.

@cbarbier @Bhanu I’ve set the following in Azure and config.yml.




As a result, I’ll get the groups IDs. You can use these IDs in role binding.



Thanks for your answer. I’ll test it as soon as possible because I’m administrator on the Opensearch side but not on the Azure side.
In fact, I’m using Opensearch AWS service so I cannot modify the config.yml file but I already find this setting on the AWS Opensearch configuration.

Best regards