Azure Ad as IdP #68
Hi,

We are trying to use Azure AD as IdP for data.all. We configured Cognito accordingly. We are able to log in with Azure AD and we are receiving the list of user groups.

As far as we see for the groups, Azure AD returns just identifiers of the groups as random strings (not the readable names) and the identifiers are displayed to the users in the UI, which is not very user friendly.

We are curious how to handle it since we would like to see the group names in the UI instead. We were thinking about mapping the group ids to group names in the piece of logic inside the Cognito pre-token generation trigger. There is one challenge though, since the group name can change in Azure AD. It will affect the values of the tags, policies etc.

I think for the Cognito Groups it is not a challenge because the group names can't be changed there.

Do you have any recommendation on how it can be handled? Did you test data.all with other IdP providers?

Comments

Hi @dosiennik, Did you follow the steps listed in the following guide? There is a step in which we need to map the attributes from Microsoft AD to Cognito ones. For groups we have to create a custom attribute.

Hi @dlpzx, Thanks for sharing the guide. Yeah, as far as I see we proceeded as described for the group mapping. Although it looks like Azure AD is able to return only group identifiers, not names, so as a result we see group ids in the UI. That's why I wanted to check if you have experienced a similar case and know how it can be handled.

Hello, And I also faced the same issue with Azure AD group ID. It seems it has been there for a while (stackoverflow issue). As mentioned in this post, I believe the only way is to do what you mentioned, which is implementing some kind of logic that calls Microsoft Graph to map group IDs to their names.

Hello, Thanks for the info and links. Yeah, we noticed it and named the attribute as the code expects. It is mapped correctly, although as I mentioned the group id is there, not the name. Indeed it seems to be Azure's 'feature' ;) Currently we are working on a piece of logic in the Cognito event to map ids to names before the token is generated.

Alright, could you please share this piece of code when it is ready? I believe it will be extremely helpful for everyone federating Azure AD with Cognito.

Sure thing, let's keep in touch on the topic.
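The pre-token generation approach discussed in this thread, as an added example that is not code from the issue, from data.all or from any commenter: a Cognito pre-token-generation Lambda handler that reads the Azure AD group object IDs from a custom user attribute (the attribute name `custom:saml_groups`, the `azure_group_ids` claim name and the in-memory directory standing in for a Microsoft Graph lookup are all assumptions), resolves them to display names for the UI, and also carries the stable IDs in the token so policies can bind to something that survives a group rename in Azure AD.

```python
import json
import re
from typing import Dict, List

# Constructed stand-in for a Microsoft Graph lookup (e.g. GET /groups/{id});
# a real trigger would call Graph (with caching). IDs and names are made up.
GROUP_DIRECTORY: Dict[str, str] = {
    "1b2c3d4e-0000-4000-8000-000000000001": "DataEngineers",
    "1b2c3d4e-0000-4000-8000-000000000002": "Analysts",
}
GROUPS_ATTRIBUTE = "custom:saml_groups"  # assumed SAML attribute mapping target
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def _clean(value) -> str:
    return str(value).strip().strip("\"'")


def parse_group_ids(raw: str) -> List[str]:
    """Cognito stores a multi-valued SAML attribute as the string '[id1, id2]';
    accept that form and a plain JSON list, and keep only well-formed object IDs
    so an unexpected value from the IdP can never reach the directory lookup."""
    if not raw:
        return []
    try:
        values = json.loads(raw)
        if not isinstance(values, list):
            values = [values]
    except ValueError:
        values = raw.strip("[]").split(",")
    return [v for v in (_clean(x) for x in values) if GUID_RE.match(v)]


def resolve_group_names(group_ids: List[str], directory: Dict[str, str]) -> List[str]:
    """Map IDs to display names. An ID with no known name is passed through
    unchanged, so a group renamed or deleted in Azure AD does not silently
    vanish from the token (and no name is ever invented for it)."""
    return [directory.get(gid, gid) for gid in group_ids]


def lambda_handler(event: dict, context=None) -> dict:
    """Cognito pre-token-generation trigger (V1 event shape)."""
    attrs = event.get("request", {}).get("userAttributes", {})
    ids = parse_group_ids(attrs.get(GROUPS_ATTRIBUTE, ""))
    event.setdefault("response", {})["claimsOverrideDetails"] = {
        # Readable names for the UI.
        "groupOverrideDetails": {"groupsToOverride": resolve_group_names(ids, GROUP_DIRECTORY)},
        # Stable object IDs as a custom claim (string-valued, as Cognito requires).
        "claimsToAddOrOverride": {"azure_group_ids": ",".join(ids)},
    }
    return event
```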