Please can you help to fix my issues
AD via OIDC
All connected and working but I'm having issues with groups.
E.g. Azure AD has group > t2_admin
I would like to get only the members of the t2_admin AD group to have the Vault admin policy applied.
At the moment when I log in with OIDC and enter the role "t2_admin" all users get the admin policy. I'm almost there but if you can point me in the right direction that would be great.
I've looked in forums and blogs and nothing is working yet...
Any help appreciated.
Resurrecting an old post, but have you gotten group mappings to work?
I use a combination of roles and Identity Groups.
On the role
Create an Identity Group:
- name is your desired group name (can match your AzureAD group name or can be something unique)
- type is external
Finally create an Identity Group Alias:
- canonical_id is the internal ID number of your Identity Group created above
- name is the group ID in Azure (usually formatted as a UUID)
- mount_accessor is the accessor ID of your Azure JWT auth method mount
If you don't want to use Identity Secrets you may be able to specify the bound_claims parameter on the role (please note that I have not tested this with AzureAD/OIDC):
- bound_claims is a map of group = <azuread_group_id>
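The role / external group / group alias wiring from the answer above, written out as an added example in Terraform Vault provider HCL (not code from the thread; the same values map one-to-one onto `vault write`). Assumptions: the OIDC mount is at `oidc/`, the Azure app registration is configured to emit group object IDs in a `groups` claim, and every `<...>` value is a placeholder.

```hcl
# The OIDC auth mount; its accessor is what the group alias refers to.
resource "vault_jwt_auth_backend" "oidc" {
  path               = "oidc"
  type               = "oidc"
  oidc_discovery_url = "https://login.microsoftonline.com/<TENANT_ID>/v2.0"
  oidc_client_id     = "<APP_CLIENT_ID>"
  oidc_client_secret = var.oidc_client_secret
  default_role       = "t2_admin"
}

variable "oidc_client_secret" {
  type      = string
  sensitive = true
}

# BEFORE (the asker's situation): putting the policy on the role means
# every user who can log in with this role gets "admin":
#   token_policies = ["admin"]
#
# AFTER: the role grants only "default" and passes the Azure "groups"
# claim through, so policies come from identity group membership instead.
resource "vault_jwt_auth_backend_role" "t2_admin" {
  backend               = vault_jwt_auth_backend.oidc.path
  role_name             = "t2_admin"
  role_type             = "oidc"
  user_claim            = "email"
  groups_claim          = "groups" # assumption: app registration emits group object IDs here
  oidc_scopes           = ["openid", "profile", "email"]
  bound_audiences       = ["<APP_CLIENT_ID>"]
  allowed_redirect_uris = ["http://localhost:8250/oidc/callback"]
  token_policies        = ["default"]
}

# External identity group that actually carries the admin policy.
resource "vault_identity_group" "t2_admin" {
  name     = "t2_admin" # free-form; need not match the Azure group name
  type     = "external"
  policies = ["admin"]
}

# Alias: Azure group object ID (the value in the groups claim) -> identity
# group, scoped to this auth mount via its accessor.
resource "vault_identity_group_alias" "t2_admin" {
  name           = "<AZURE_GROUP_OBJECT_ID>"
  mount_accessor = vault_jwt_auth_backend.oidc.accessor
  canonical_id   = vault_identity_group.t2_admin.id
}
```

To check the result, log in once as a member and once as a non-member of the Azure group and compare `vault token lookup`: only the member's token should list `admin` under `identity_policies`, while both show `default` under `policies`.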
Excellent. I cobbled together a similar config for Gsuite and this is nice to compare it to.