Azure RBAC using AD groups #79

Closed
jreadey opened this issue Jan 28, 2021 · 2 comments


jreadey commented Jan 28, 2021

Support the use of AD groups for RBAC rather than relying on a group list managed by the server.

@jreadey jreadey mentioned this issue Jan 28, 2021
11 tasks

jreadey commented Mar 18, 2021

Changes to support this are checked in here: 729d39d.
In summary, the authentication code looks at the "roles" claim in the bearer token and bases the username's group membership on that.

On the client side, the roles are not generated strictly based on the AD group membership, but by using "App Roles". See: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps. It's easy enough to assign a role based on an AAD group and more flexible than attempting to use the group directly.
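
A sketch of the server-side check described in the comment above, added here as an illustration; it is not the code from commit 729d39d or from the project. It assumes the token's signature and issuer were already verified, and the function names, the `g:` ACL prefix and the sample values are hypothetical.

```python
import time


def groups_from_claims(claims, expected_audience, now=None):
    """Derive group membership from the "roles" claim of a bearer token.

    `claims` must be the payload of a token whose signature and issuer have
    already been verified; roles from an unverified token prove nothing.
    """
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        # App Roles are scoped to one application; a token for another app
        # may carry same-named roles that mean something else.
        raise PermissionError("token was issued for a different application")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise PermissionError("token is expired or carries no exp claim")
    roles = claims.get("roles", [])  # absent claim: user holds no app role
    if isinstance(roles, str):
        roles = [roles]
    if not isinstance(roles, list):
        raise PermissionError("malformed roles claim")
    return {r for r in roles if isinstance(r, str) and r}


def is_allowed(acl, username, groups, action):
    """Check an ACL keyed by username or by "g:<group>" (hypothetical layout)."""
    principals = [username] + ["g:" + g for g in sorted(groups)]
    return any(action in acl.get(p, ()) for p in principals)


# Constructed sample data, not taken from the issue.
SAMPLE_CLAIMS = {"aud": "api://example-app", "exp": 2000000000,
                 "roles": ["DataReaders"]}
SAMPLE_ACL = {"g:DataReaders": {"read"}, "bob@example.com": {"read", "update"}}

if __name__ == "__main__":
    groups = groups_from_claims(SAMPLE_CLAIMS, "api://example-app",
                                now=1700000000)
    for action in ("read", "update"):
        print(action, is_allowed(SAMPLE_ACL, "alice@example.com", groups, action))
```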


jreadey commented Sep 20, 2022

This should be working in master now.

@jreadey jreadey closed this as completed Sep 20, 2022