
Add end user's IdP information from Entra ID to host vitals

Open marko-lisica opened this issue 7 months ago • 3 comments

Goal

User story
As an IT admin,
I want to add end user's info (e.g. IdP email, full name, IdP groups, etc.) from the Entra ID identity provider (IdP) to host vitals
so that I can identify which end user is assigned to each host.

Key result

Different apps, OS settings, and queries for different employees based on department

Original requests

#21028

Context

  • Product Designer: @marko-lisica

Changes

Product

  • [ ] UI changes: No changes.
  • [ ] CLI (fleetctl) usage changes: No changes.
  • [ ] YAML changes: No changes.
  • [ ] REST API changes: No changes.
  • [ ] Fleet's agent (fleetd) changes: No changes.
  • [ ] GitOps mode changes: No changes.
  • [ ] Activity changes: No changes.
  • [ ] Permissions changes: No changes.
  • [ ] Changes to paid features or tiers: Fleet Premium only. Pricing table PR
  • [ ] My device and fleetdm.com/better changes: No changes
  • [ ] First draft of test plan added
  • [ ] Other reference documentation changes: No changes.
  • [ ] Once shipped, requester has been notified
  • [ ] Once shipped, dogfooding issue has been filed

Engineering

  • [ ] Test plan is finalized
  • [ ] Contributor API changes: N/A
  • [ ] Feature guide changes: Bring back Entra ID part from this doc.
  • [ ] Database schema migrations: N/A
  • [ ] Load testing: N/A

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: No
  • Risk level: Low

Test plan

Make sure to go through the list and consider all events that might be related to this story, so we catch edge cases earlier.

  • [x] Make sure that Entra ID SCIM integration can be connected to Fleet by following the user guide provided here.
  • [x] If users create a SCIM integration app in Entra ID and something isn't right when they try to test the connection, make sure that the state of the integration card on /settings/integrations/identity-provider isn't changed. It should be changed after the first successful request from the Entra ID SCIM client.
  • [x] Make sure that after the first successful request (IdP connected) from Entra ID, the /settings/integrations/identity-provider page always shows the latest request from Entra with a timestamp. In case of error, make sure that Fleet shows the error message in a tooltip that appears on hover over the text in the integration card.
  • [x] Make sure that the Groups in the User card match those assigned to the user in Entra ID (IdP).
  • [x] Make sure that the information populated in the User card matches what is assigned to the user in Entra ID.
  • [x] Make sure that when user information is updated in Entra ID, that change is reflected on host details (e.g. if an admin changes lastName in Entra ID, it should be changed in Fleet, and if an admin changes userName in Entra ID, it should be changed in Fleet as well).
  • [x] Make sure that group assignment changes in Entra ID are reflected in Fleet (e.g. a user in Entra ID got assigned to a new group or a user got removed from a group).

Happy path

  1. Create Entra ID SCIM enterprise application and connect it to Fleet, following Fleet's user guide that's linked in Fleet UI
  2. Assign users and groups to SCIM application to send them to Fleet, following Fleet's user guide.
  3. Enroll new host via ADE (with end user authentication enabled)
  4. After successful enrollment, go to host details of that host and make sure that Username (IdP), Full name (IdP) and Groups (IdP) are populated based on IdP username that's assigned to user via ADE enrollment flow.
  5. Go to Entra ID, go to that user that's mapped to a host above, change its last name, and make sure that the change is reflected in Fleet.

Testing notes

Confirmation

  1. [x] Engineer: Added comment to user story confirming successful completion of test plan.
  2. [x] QA: Added comment to user story confirming successful completion of test plan.

Video demo

https://youtu.be/7PM41LBsnig

marko-lisica avatar Apr 14 '25 12:04 marko-lisica

Hey @georgekarrv just a reminder that these stories are ready for specs:

  • #28196
  • #28197

Can you please get them ready for estimation tomorrow? Please let @marko-lisica and I know if we can help!

noahtalerman avatar Apr 22 '25 12:04 noahtalerman

Testplan complete

getvictor avatar May 08 '25 21:05 getvictor

QA Test Results:

✅ completed the test plan and happy path workflow successfully


PezHub avatar May 30 '25 05:05 PezHub

Entra ID in view, Host vitals show me, show you, Clarity anew.

fleet-release avatar Jun 25 '25 12:06 fleet-release