Vault OIDC automatic creation of external groups from ADFS and automatic assigning of policies to entities


I have Vault working with OIDC and ADFS.
How can we automate the external group creation in Vault and assign the right policy to the users of those groups?
I’ve made it manually for one external group and for one user through one of its entities.
But this isn’t a viable way of working for a potential system with several hundred different groups and even more users.

Best regards,


You would need to write something that makes the appropriate calls to the Vault API to set up these groups.
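
One way to script the API calls the reply describes, as an added example that is not part of the original thread: it upserts one external identity group per ADFS group with its policies, then binds a group alias to the OIDC mount's accessor. The group and policy names, the `oidc/` mount path, and the assumption that the OIDC role's groups claim carries these exact ADFS group names are all constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample: ADFS group name (as sent in the groups claim) -> Vault policies.
GROUP_POLICIES = {
    "Vault-App1-Admins": ["app1-admin"],
    "Vault-App1-Readers": ["app1-read"],
}

def make_client(addr, token):
    """Return call(method, path, body) bound to one Vault address and token."""
    def call(method, path, body=None):
        req = urllib.request.Request(
            f"{addr}/v1/{path}", method=method,
            data=json.dumps(body).encode() if body is not None else None,
            headers={"X-Vault-Token": token})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return call

def sync_external_groups(call, mapping, mount="oidc/"):
    """Create/update one external group per ADFS group and alias it to the mount.

    Returns {adfs_group: "created-alias" | "alias-present"}; safe to re-run.
    """
    # Group aliases are bound to the auth mount's accessor, not its path.
    accessor = call("GET", "sys/auth")["data"][mount]["accessor"]
    outcome = {}
    for name, policies in sorted(mapping.items()):
        path = "identity/group/name/" + urllib.parse.quote(name, safe="")
        # Upsert by name: policies on the group reach every member entity.
        call("POST", path, {"type": "external", "policies": policies})
        group = call("GET", path)["data"]
        alias = group.get("alias") or {}
        if alias.get("name") == name and alias.get("mount_accessor") == accessor:
            outcome[name] = "alias-present"
            continue
        # The alias name must equal the value ADFS puts in the groups claim.
        call("POST", "identity/group-alias",
             {"name": name, "mount_accessor": accessor, "canonical_id": group["id"]})
        outcome[name] = "created-alias"
    return outcome

if __name__ == "__main__":
    import os  # VAULT_ADDR / VAULT_TOKEN are read from the environment
    client = make_client(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"])
    print(sync_external_groups(client, GROUP_POLICIES))
```

The token used needs only `identity/group/*`, `identity/group-alias` and read on `sys/auth`, so it can run under a narrowly scoped policy rather than a root token.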

Thank you @maxb for your reply.