User Management based on Azure AD Groups

fhomess · November 27, 2023, 11:10pm

I’m sure I’m missing something incredibly obvious, but I’m struggling to see what it is and hoping someone here can assist.

We have an integration with Azure AD for user authentication. I would like users to be added to teams and organizations based on their Azure AD security group rather than having to add them as individuals.

When I go to the documentation I only see an ability to add users based on their account identifier (emails in the example):
18. Setting up Social Authentication — Automation Controller Administration Guide v4.0.0 (ansible.com)

Is there something I can put in the admin/users field other than their direct login to tell it to check the user’s group membership and add them based on that? A regex on the user’s account identifier will not work as there’s nothing there that would assist in mapping to group membership.

Thanks!

cmalarick15 · October 28, 2024, 8:16pm

@fhomess Did you ever figure this out, I am running into the same issue and can’t seem to get the org/teams to map to the members of the AzureAD group.

fhomess · October 29, 2024, 3:18am

I did not, unfortunately.

jiholland · October 29, 2024, 9:01am

You can do this with LDAP, but it does not look like it is possible with Azure AD.

cmalarick15 · October 29, 2024, 11:28am

@fhomess Before I go the route of SAML, are you using the AzureAD with Oauth or SAML?

@jiholland unfortunately in our environment the enterprise is pushing AzureAD to move away from LDAP.

fhomess · October 29, 2024, 5:06pm

@cmalarick15 We’re using AzureAD with Oauth.

cmalarick15 · October 29, 2024, 6:49pm

@fhomess are you still manually adding each user or is there another method? I am working with my internal SSO team to see if we have any other options but we seem to be striking out as of now.

jiholland · October 29, 2024, 7:15pm

Why not use the API? awx.awx.user module – create, update, or destroy Automation Platform Controller users. — Ansible Community Documentation

Karen_Lopez · February 5, 2025, 1:10am

Hello, new to the forum…Setting up SSO on most of our tools… Setting up Azure AD with our Ansible AWX… Got most setting correct but getting AADSTS900971: No reply address provided. It says got the wrong redirect URI… just not sure where to check. Thanks

ildjarn · February 5, 2025, 12:46pm

Use SAML authentication, you can map groups to teams with the SAML Team Attribute Mapping.
https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings

Karen_Lopez · February 5, 2025, 10:25pm

Thanks for the link. I was able to get the value to put in for the redirect URI on th ENTRA side.

Topic		Replies	Views
Azure AD oauth and groups AWX Project awx , azure	2	15	July 31, 2021
Can we do group to organization mapping when using Azure AD? AWX Project azure	4	11	November 1, 2018
AWX Azure AZ team and organization map Ansible Project awx , azure	1	15	August 12, 2022
Azure AD and AWX Integration AWX Project awx , azure	0	13	April 29, 2019
AWX SAML Configuration Ansible Project awx	2	8	September 10, 2020

User Management based on Azure AD Groups

Related topics