SUMMARY
For those of us working with hybrid on-premise AD/Entra ID environments, it can be a constant nuisance that Entra does not support nested groups for lots of things, for example app role assignments. [1]
It would be incredibly helpful to have a `flatten` parameter on the `microsoft.ad.group` module, which, when going over set/add/remove items, checks if that item is a group, and, if it is, replaces that with its (flattened) members.
The resulting group will therefore be flat (only having direct members, no groups as members), making it suitable for use with Azure AD.
[1] "App role assignment, for both access and provisioning. Assigning groups to an app is supported, but any groups nested within the directly assigned group won't have access.", https://learn.microsoft.com/en-us/entra/identity/users/directory-service-limits-restrictions
ISSUE TYPE
COMPONENT NAME
microsoft.ad.group
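
Added example, not part of the original issue and not code from the `microsoft.ad` collection: a Python sketch of the requested flatten semantics over a constructed directory, including circular nesting, which AD permits. The names `GROUPS`, `flatten` and `resolve_members` are hypothetical, and flattening the group's current members when only add/remove is given is an assumption made so that the result is always flat.

```python
# Constructed sample data: group name -> direct members (users or groups).
GROUPS = {
    "app-admins": ["alice", "tier2-ops"],
    "tier2-ops": ["bob", "contractors"],
    "contractors": ["carol", "tier2-ops"],  # circular nesting
    "leavers": ["bob"],
}


def flatten(items, groups):
    """Replace every group in items by its transitive non-group members."""
    principals, seen, stack = set(), set(), list(items)
    while stack:
        item = stack.pop()
        if item not in groups:
            principals.add(item)          # a user/computer: keep as-is
        elif item not in seen:            # a group: expand once, so cycles end
            seen.add(item)
            stack.extend(groups[item])
    return principals


def resolve_members(current, groups, set_=None, add=(), remove=()):
    """Hypothetical flatten-aware set/add/remove; returns the change plan."""
    current = set(current)
    # Assumption: without 'set', existing nested groups are flattened as well.
    base = current if set_ is None else set_
    desired = flatten(base, groups)
    desired |= flatten(add, groups)
    desired -= flatten(remove, groups)
    return {
        "members": sorted(desired),
        "to_add": sorted(desired - current),
        "to_remove": sorted(current - desired),  # includes nested groups
    }


if __name__ == "__main__":
    print(resolve_members(["dave", "tier2-ops"], GROUPS,
                          add=["app-admins"], remove=["leavers"]))
```

The flattened membership is a snapshot: a later change inside a nested group does not reach the flat group until the task runs again.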