Hi
I'm having some problems with SAML Group Synchronisation, from Azure.
Have successfully set up SSO in our environments and new users are created automatically. However, I can't get the Group Sync to work. I know that one particular group does exist in Azure and am using the ObjectId of this group. I think the problem may be that the groups don't show up in the SAML messages. Am I correct to say that in the SAML messages, there should be a SAML Group attribute, as documented here https://docs.appian.com/suite/help/21.1/SAML_for_Single_Sign-On.html#group-membership-synchronization
i.e. something like below:

    <saml2:AttributeStatement>
      <saml2:Attribute Name="member-of" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
In my SAML file, the AttributeStatement section contains only attributes related to my user account, i.e. displayname, surname, etc.
Can anyone confirm?
Thanks.
Hi markd981,
Yes, you are correct. The SAML request should contain the attribute that you have configured with the group membership synchronization.
In your Azure AD SAML configuration you will need to add Group Claims as an additional claim. Once this is done you will get a list of ObjectIds for the user's groups, which you can then use to sync users into your Appian groups.
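To confirm whether the group claim actually arrives in the assertion, here is an added Python example (not from Appian or from this thread) that parses the AttributeStatement, lists the values under the group attribute name configured in Appian (here "member-of", as quoted in the question) and reports whether a given Azure group ObjectId is among them. The assertion and the ObjectIds are constructed placeholders; Azure's default Name for its group claim is not "member-of", so pass whatever Name the Attribute carries in your own response.

```python
import xml.etree.ElementTree as ET

# Match on the SAML 2.0 assertion namespace URI rather than the prefix, so the
# lookup works whether the IdP writes "saml2:", "saml:" or a default namespace.
SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample assertion (not a real Azure AD response); ObjectIds are
# made-up placeholders, not identifiers from any real tenant.
SAMPLE_ASSERTION = f"""<saml2:Assertion xmlns:saml2="{SAML_NS['saml2']}">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="displayname" NameFormat="{BASIC}">
      <saml2:AttributeValue>Mark D</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="surname" NameFormat="{BASIC}">
      <saml2:AttributeValue>D</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="member-of" NameFormat="{BASIC}">
      <saml2:AttributeValue>11111111-2222-3333-4444-555555555555</saml2:AttributeValue>
      <saml2:AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def attribute_values(assertion_xml: str, attr_name: str) -> list:
    """Return every AttributeValue text under the Attribute named attr_name.

    An attribute that is absent from the AttributeStatement (the situation
    described in the question) yields an empty list rather than an error.
    """
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", SAML_NS):
        if attr.get("Name") == attr_name:
            for value in attr.iterfind("saml2:AttributeValue", SAML_NS):
                values.append((value.text or "").strip())
    return values


def group_sync_check(assertion_xml: str, group_attr: str, expected_object_id: str) -> str:
    """Classify why a group sync would or would not pick up expected_object_id.

    "missing"    - the group attribute is not in the assertion at all
    "member"     - the attribute is present and lists the ObjectId
    "not-member" - the attribute is present but does not list the ObjectId
    """
    groups = attribute_values(assertion_xml, group_attr)
    if not groups:
        return "missing"
    if expected_object_id.lower() in {g.lower() for g in groups}:
        return "member"
    return "not-member"
```

If the result is "missing", the Group Claims step in Azure is what is lacking; if it is "not-member", the claim is flowing but the configured ObjectId does not match what Azure sends.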