Azure SAML 2.0 settings to capture the User DN or Group
PSD
Hi, I am able to authenticate the Azure user via SAML on SMA 12.4. It seems like SMA is unable to get the user group, which makes the "Group" mapping policy fail. Does anyone know of any special configuration that we need to set up in Azure, especially section #2 in the Azure Single Sign-on setup page? Thanks a lot for your prompt advice.
Category: Secure Mobile Access Appliances
Answers
12.4.1 will support the SAML Group attribute. On 12.4, you can work around this by using LDAP and syncing SAML data.
@PSD 12.4.1 will support Groups for SAML authentication servers (Azure in your case).
On 12.4.0 and below, if you have your Active Directory on your internal network, you can use it for group authorization by enabling group affinity. Refer to the "Enabling Group Affinity Checking in a Realm" section of the Admin guide to learn more about this option. Once enabled, you can use the SAML (Azure) realm to create mapped accounts and use them as needed.
Let me know if the above suggestion worked for you.