Description: Users that belong to Azure groups are being assigned to the the 'Default' group in OpenVPN Cloud once It logged on
Cause: Attributes and group mapping of Azure and OpenVPN Cloud are not correctly defined
Attributes & group mapping:
Go to the Admin console on the Azure portal, locate the 'All resources' then from the 'Enterprise applications' services choose the SAML app that was created when setting up SAML with Azure AD.
- On the opened page click on the Edit button near User Attributes & Claims section.
- Click on the Add new claim button. In the Name field enter an attribute name that should match the corresponding field on the SP side, in the Source attribute dropdown choose the value that you want this attribute to include. Repeat the same procedure for First name, Last name, and email attributes.
- For Group attribute procedure differs from others. On the User Attributes & Claims page click on the Add a group claim button. Setup needed parameters according to the screenshot and enter the name of your attribute(in my example I called attribute groups). Click on the Save button.
- If the Azure attribute name is longer than in other IdP, you need to enter the entire attribute name on the SP side in order to configure the correct mapping.
From the Admin console on the Azure portal, locate in the 'All resources' the 'Groups' and select the group that mapped in the OpenVPN Cloud. Keep in mind that configuring group mapping on the IdP side we chose Source attribute as GroupID, it means that we will use GroupID=Object ID(not a group name) value, this is the defined value in the OpenVPN Cloud User Group Mapping.
Please sign in to leave a comment.