I’ve configured an OIDC auth method to Vault using Azure AD, and I can successfully authenticate as users granted access to the app registration. I now need to assign users Vault roles based on whether they are members of an Azure AD group.
I was wondering if anybody was able to expand upon this statement in the docs:
> Finally Azure AD group can be referenced by using the groups
> objectId as the group alias name for the external group.
My role configuration to allow access to a “green” kv engine looks like this:
```bash
vault write auth/oidc/role/green \
  bound_audiences="Azure AD Client ID"
```
I need to create a “green” Azure AD group and reference that somehow, but I’m not sure how from the available documentation.
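The following is an added example, not code from the original post or from HashiCorp, showing the sequence the quoted docs sentence describes: the OIDC role reads the token's `groups` claim, an external identity group carries the policy, and a group alias whose name is the Azure AD group's objectId links the two through the auth mount's accessor. The client ID, the group objectId, the `green` policy name and the redirect URI are placeholders; the `oidc_scopes` value is the scope Vault's Azure AD guide uses to obtain the groups claim, and the app registration must be configured to emit that claim.

```shell
#!/bin/sh
# Added example (not from the original post): map an Azure AD group to a Vault
# policy via the OIDC auth method and an external identity group.
# Every value below is a placeholder; override it through the environment.
AAD_CLIENT_ID="${AAD_CLIENT_ID:-00000000-0000-0000-0000-000000000000}"          # app registration client ID (placeholder)
GREEN_GROUP_OBJECT_ID="${GREEN_GROUP_OBJECT_ID:-11111111-1111-1111-1111-111111111111}"  # Azure AD group objectId (placeholder)
OIDC_MOUNT="${OIDC_MOUNT:-oidc/}"                                              # path the OIDC auth method is mounted at

# Vault matches the alias by name, so the alias must be the group's objectId
# (a GUID), not its display name. Reject anything that is not GUID-shaped.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

configure_green() {
  is_guid "$GREEN_GROUP_OBJECT_ID" || { echo "objectId must be a GUID" >&2; return 1; }

  # 1. Role: tell Vault which claim carries group memberships. Policies are
  #    deliberately not set on the role; they come from the external group.
  vault write auth/oidc/role/green \
    bound_audiences="$AAD_CLIENT_ID" \
    allowed_redirect_uris="http://localhost:8250/oidc/callback" \
    user_claim="email" \
    groups_claim="groups" \
    oidc_scopes="https://graph.microsoft.com/.default"

  # 2. External identity group that carries the "green" policy (placeholder policy name).
  vault write identity/group name="green" type="external" policies="green"
  GROUP_ID=$(vault read -field=id identity/group/name/green)

  # 3. Accessor of the OIDC auth mount; aliases are scoped to a mount.
  ACCESSOR=$(vault auth list -format=json | jq -r --arg m "$OIDC_MOUNT" '.[$m].accessor')

  # 4. Alias named after the Azure AD group objectId, pointing at the external group.
  vault write identity/group-alias \
    name="$GREEN_GROUP_OBJECT_ID" \
    mount_accessor="$ACCESSOR" \
    canonical_id="$GROUP_ID"
}

# Only talk to Vault when invoked as "./script.sh apply"; sourcing the file just defines the functions.
if [ "${1:-}" = "apply" ]; then
  configure_green
fi
```

After a user logs in through the `green` role, `vault token lookup` should list `green` under `identity_policies` if the token contained the group's objectId in its `groups` claim. If the claim is absent, check the app registration's token configuration first; Azure AD also omits the `groups` claim entirely for users in more groups than the token can carry, in which case no alias will match.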