I’m using Boundary v0.2.0 and would like to add an OIDC auth method and leave it as non-default, so users won’t be created automatically during the first ‘authenticate’. Instead, I’d like to control how I ‘import’ users, add them to groups etc. (using the API).

I know I can add users/accounts and ‘link’ them together. I have a problem with the subject for the account.

If I use Auth0, I can do it because sub in the token is set to the userId from Auth0.

But for Azure AD (my preferred OIDC provider) it’s not possible to get the sub for the user, because it’s unique for each Azure AD Application (the same user will have a different sub for a different Application), and it’s not possible to get it using the MS Graph API.

Is there any ‘workaround’ now (or potentially in the future) to add users/accounts related to Azure AD by API without having the

Or is the only way to do it (today and in the future) to set the Azure AD OIDC auth method as the primary auth method, wait until the user ‘authenticates’ for the first time, and then properly ‘manipulate’ the user/account/group (which won’t be the best UX)?
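The issue described above comes down to which (issuer, subject) pair Boundary will match at login: Azure AD's sub is pairwise, so a sub taken from a token issued to any other app registration will never match the one Boundary sees. The following is an added example (not from the original post, not Boundary or Microsoft code) that decodes an ID token's claims, checks that the token's audience is the client ID of the app registration configured on the Boundary auth method, and only then assembles a request body for creating an OIDC account. The auth-method ID, client IDs, tenant ID and the two sample tokens are constructed placeholders; the account request-body shape (type, auth_method_id, attributes.issuer, attributes.subject) is an assumption about the Boundary accounts API and should be checked against the version in use.

```python
import base64
import json

# Constructed placeholders: these are not real Azure AD or Boundary identifiers.
BOUNDARY_CLIENT_ID = "11111111-aaaa-bbbb-cccc-222222222222"   # app registration used by Boundary
OTHER_CLIENT_ID = "33333333-dddd-eeee-ffff-444444444444"      # some other app registration
TENANT_ID = "55555555-0000-1111-2222-666666666666"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
AUTH_METHOD_ID = "amoidc_EXAMPLE000"                           # placeholder Boundary auth method id


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip off."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT purely so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_id_token_claims(id_token: str) -> dict:
    """Return the claims of an ID token.

    This only parses the payload; it does NOT verify the signature. Use it only on
    tokens obtained directly from the provider in your own authenticated flow, and
    verify against the provider's JWKS before trusting any claim in production.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def oidc_account_request(id_token: str, auth_method_id: str, expected_client_id: str):
    """Assemble a Boundary OIDC account creation body from an ID token.

    Returns None when the token was not issued to the app registration Boundary
    uses: with Azure AD's pairwise subjects such a sub would never match at login,
    so creating an account from it would silently orphan the account.
    """
    claims = decode_id_token_claims(id_token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_client_id not in audiences:
        return None
    return {
        "type": "oidc",
        "auth_method_id": auth_method_id,
        "attributes": {"issuer": claims["iss"], "subject": claims["sub"]},
    }


# Two constructed tokens for the same Azure AD user: the sub differs per app registration.
TOKEN_FOR_BOUNDARY_APP = make_unsigned_sample_token(
    {"iss": ISSUER, "aud": BOUNDARY_CLIENT_ID, "sub": "PAIRWISE-SUB-FOR-BOUNDARY-APP",
     "oid": "77777777-8888-9999-aaaa-bbbbbbbbbbbb", "preferred_username": "jane@example.com"}
)
TOKEN_FOR_OTHER_APP = make_unsigned_sample_token(
    {"iss": ISSUER, "aud": OTHER_CLIENT_ID, "sub": "PAIRWISE-SUB-FOR-OTHER-APP",
     "oid": "77777777-8888-9999-aaaa-bbbbbbbbbbbb", "preferred_username": "jane@example.com"}
)

if __name__ == "__main__":
    print(json.dumps(oidc_account_request(TOKEN_FOR_BOUNDARY_APP, AUTH_METHOD_ID, BOUNDARY_CLIENT_ID), indent=2))
    print(oidc_account_request(TOKEN_FOR_OTHER_APP, AUTH_METHOD_ID, BOUNDARY_CLIENT_ID))  # None
```

The audience check is the practical safeguard: the stable Azure AD object id (oid) is the same in both sample tokens, but Boundary matches on sub, and only a token whose aud is Boundary's own client ID carries the sub Boundary will later see.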