How to create/update a group by assigning SAML attributes #395

Open
hsy3418 opened this issue Feb 7, 2021 · 2 comments

hsy3418 commented Feb 7, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hello,

I want to add claims for a group that is linked to an enterprise application using Terraform. The claim I am trying to add is a customRole that the enterprise application requires to authorise the user, so the user can SSO to the app with the correct role. Currently the claim can be added via the AAD UI (see the reference link for how to configure it in the UI), so I wonder if this process could be automated by calling existing APIs.

New or Affected Resource(s)

  • azuread_group

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

@manicminer
Contributor

Hi @hsy3418, thanks for requesting this feature.

The API that exposes this functionality (https://main.iam.ad.ext.azure.com) is private and we are unable to use it. I believe the only way to configure this at present is by using the Azure Portal. I recommend raising a feature request with Microsoft via any channels you have available and we will do the same. Unfortunately, this will be blocked until such time as API functionality is made available.

Any additional information you might find, such as a PowerShell or Azure CLI implementation, would be helpful and gratefully received.

@patrickmarabeas
Contributor

There's a community issue you can upvote here (was the response from our MS enquiry on the issue): https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38536453-api-to-manage-saml-sso
