SMA with Azure SAML using SAML Groups

We are trying to set up group mapping based on SAML 2.0 authentication from Azure AD. I cannot see any documentation on this. This is a new feature recently added in 10.2.

I need to know what value the SMA is concerned about in the user and groups fields when using Azure SAML 2 (see attachment 1).



The Enterprise Application in Azure AD has enabled groups claims. Therefore, a user's group memberships are included in the SAML payload sent to the SMA appliance.

I would like to know what value the SAML Group field is expecting within the local group config (see attachments 2 and 3). We have tried sending group claims with the ID of the Azure security group, but it does not work. Thus the user does not get mapped to a local group and no bookmarks appear.




Category: SSL VPN

Comments

  • Please work with tech-support to submit a JIRA ticket for improving the documentation.

    In the SAML domain, there is a “Group Name” field; it will be used to assign the group after login.


    On Users > Groups, when you edit a group for the SAML domain, there is a “SAML groups” tab where you can set the value of the attribute that is set in the domain settings.


    After login at the IdP, some assertion information will be returned in the response, which will include the attribute you set in the domain settings for the group; the value of this attribute will be matched against all local SAML groups.
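
Added example, not part of the thread or of SonicWall's documentation: a Python script for inspecting a decoded SAML assertion offline and checking which local groups the matching described in the reply above would select. The Azure AD groups claim name, the GUIDs, the local group names and the exact-string comparison are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumption: Azure AD's default attribute name for the groups claim.
AZURE_GROUPS_ATTR = "http://schemas.microsoft.com/ws/2005/05/identity/claims/groups"

# Constructed sample (GUIDs are made up); paste your own decoded assertion instead.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{AZURE_GROUPS_ATTR}">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from a decoded SAML assertion or response."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def matched_local_groups(xml_text, group_attr_name, local_groups):
    """Local groups whose configured SAML values appear in the named attribute.
    Exact string comparison is an assumption about the appliance's matching."""
    sent = set(assertion_attributes(xml_text).get(group_attr_name, []))
    return sorted(g for g, vals in local_groups.items() if sent & set(vals))

if __name__ == "__main__":
    # Hypothetical local groups and the values entered on their "SAML groups" tab.
    local_groups = {
        "VPN-Admins": ["11111111-1111-1111-1111-111111111111"],
        "VPN-Staff": ["VPN Staff"],  # display name, which this assertion does not carry
    }
    for name, values in assertion_attributes(SAMPLE_ASSERTION).items():
        print(name, "->", values)
    print(matched_local_groups(SAMPLE_ASSERTION, AZURE_GROUPS_ATTR, local_groups))
```

The script only reads attributes and does not verify the assertion's signature, so it is suited to troubleshooting a captured response, not to making authentication decisions.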

  • Lanman1 Newbie ✭
    edited January 29

    There definitely needs to be documentation on this. I got it working but it took several days of trial and error.


    I'd be happy to work with support to generate screenshots.

  • tvdvaerd Newbie ✭

    Hi Lanman1,

    Can you share how you got it configured?
