User Management based on Azure AD Groups

I’m sure I’m missing something incredibly obvious, but I’m struggling to see what it is and hoping someone here can assist.

We have an integration with Azure AD for user authentication. I would like users to be added to teams and organizations based on their Azure AD security group rather than having to add them as individuals.

When I go to the documentation I only see an ability to add users based on their account identifier (emails in the example):
18. Setting up Social Authentication — Automation Controller Administration Guide v4.0.0 (ansible.com)

Is there something I can put in the admin/users field other than their direct login to tell it to check the user’s group membership and add them based on that? A regex on the user’s account identifier will not work as there’s nothing there that would assist in mapping to group membership.

Thanks!

@fhomess Did you ever figure this out? I am running into the same issue and can’t seem to get the org/teams to map to the members of the AzureAD group.

I did not, unfortunately.

You can do this with LDAP, but it does not look like it is possible with Azure AD.

@fhomess Before I go the route of SAML, are you using the AzureAD with OAuth or SAML?

@jiholland unfortunately in our environment the enterprise is pushing AzureAD to move away from LDAP.

@cmalarick15 We’re using AzureAD with OAuth.

@fhomess are you still manually adding each user or is there another method? I am working with my internal SSO team to see if we have any other options but we seem to be striking out as of now.

Why not use the API? awx.awx.user module – create, update, or destroy Automation Platform Controller users. — Ansible Community Documentation
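
One way to act on the API suggestion above, as an added example that is not part of any post in this thread: a planner that compares exported Azure AD group membership with current controller team membership and lists the changes to make. The group names, team names, sample accounts and the assumption that controller usernames equal the Azure AD user principal name are all hypothetical.

```python
# Added example: plan controller team membership from Azure AD group membership.
# Group and team names, and username == user principal name, are assumptions.
GROUP_TO_TEAM = {"sg-awx-network": "Network", "sg-awx-linux": "Linux"}
ORDER = {"create_user": 0, "add": 1, "remove": 2}


def normalize(names):
    """Compare account names case-insensitively and ignore stray whitespace."""
    return {n.strip().lower() for n in names}


def plan_team_sync(group_members, team_members, known_users, mapping=GROUP_TO_TEAM):
    """Return ordered (action, team, username) steps that make each mapped team
    match its Azure AD group.

    group_members: {group name: user principal names} exported from Azure AD
    team_members:  {team name: usernames} currently in the controller
    known_users:   usernames that already exist in the controller
    """
    known = normalize(known_users)
    plan = set()
    for group, team in mapping.items():
        if group not in group_members:
            # A failed or missing group lookup is not an empty group: skip the
            # team instead of removing every member.
            continue
        wanted = normalize(group_members[group])
        current = normalize(team_members.get(team, ()))
        for user in wanted - current:
            if user not in known:
                plan.add(("create_user", "", user))
            plan.add(("add", team, user))
        # Users who left the group lose the team, so access does not linger.
        plan.update(("remove", team, user) for user in current - wanted)
    return sorted(plan, key=lambda step: (ORDER[step[0]], step[1], step[2]))


# Constructed sample data (not taken from a real tenant or controller).
SAMPLE_GROUPS = {"sg-awx-network": ["Alice@example.com", "bob@example.com"],
                 "sg-awx-linux": ["carol@example.com"]}
SAMPLE_TEAMS = {"Network": ["alice@example.com", "dave@example.com"],
                "Linux": ["carol@example.com"]}
SAMPLE_USERS = ["alice@example.com", "carol@example.com", "dave@example.com"]

if __name__ == "__main__":
    for step in plan_team_sync(SAMPLE_GROUPS, SAMPLE_TEAMS, SAMPLE_USERS):
        print(step)
```

Each planned step would then be applied through the controller API or the awx.awx collection that the last post points to.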