
Enhancement request: Group Membership Zendesk Ticket 69193

Open mlovingtwocanoes opened this issue 10 months ago • 5 comments

mlovingtwocanoes, Apr 22 '24 17:04

allowedIfMemberOfGroup would be an array of Group IDs and if the Entra ID trying to log in is a member of any of those groups they can log in regardless (including creating new local account). If a local account exists but the Entra ID is no longer part of a group the login should fail.

twocanoes, Jun 16 '24 03:06

added key allowLoginIfMemberOfGroup

twocanoes, Jun 16 '24 03:06

pfm_description: List of groups that should have members be given local administrator status. Local administrator status can be given on first authentication when account created, or on later sign in of existing user when a group member. Administrator status not removed if group membership later revoked. Set as an Array of Strings of the group identifier.
pfm_name: allowLoginIfMemberOfGroup
pfm_subkeys:
    pfm_name: group
    pfm_type: string
pfm_title: Allow login if member of group. Empty array or not defined does not allow or deny based on group membership
pfm_type: array

twocanoes, Jun 16 '24 03:06

pfm_description is not accurate for this key and seems to have borrowed language from the key allowing group to be admin users. Likely should read more like "List of groups whose members should be allowed to login. If the user is a member of any of these groups they can login regardless (including creating new local account) if authorization succeeds. If a local account exists but the user is no longer part of a group the login will be denied."

everetteallen, Jun 17 '24 14:06

Profile manifest corrected in commit 25bed7f. Closing.

everetteallen, Jul 18 '24 12:07
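
The login rule discussed in this thread, written out as an added example that is not part of the issue and is not XCreds code. It assumes the user's group IDs arrive in a `groups` claim of an ID token that has already been validated; the function names and the GUIDs are hypothetical and constructed for illustration.

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"           # user is in at least one listed group
    DENY = "deny"             # list is set and user is in none of its groups
    NO_RESTRICTION = "none"   # key empty or undefined: membership is not consulted
    UNKNOWN = "unknown"       # token carries no usable group list

def evaluate_group_login(allowed_groups, id_token_claims):
    """Evaluate allowLoginIfMemberOfGroup against ID token claims.

    Assumption: id_token_claims is the payload of a token whose signature,
    issuer, audience and expiry were verified before this call.
    The result is the same whether or not a local account already exists,
    so a user removed from every listed group is denied on the next login.
    """
    allowed = {g.strip().lower() for g in (allowed_groups or []) if g.strip()}
    if not allowed:
        return Decision.NO_RESTRICTION
    groups = id_token_claims.get("groups")
    if not isinstance(groups, list):
        # Claim missing, or Entra ID group overage (the token then carries
        # _claim_names / hasgroups instead of the list): membership cannot
        # be proven from the token alone.
        return Decision.UNKNOWN
    member_of = {str(g).lower() for g in groups}
    return Decision.ALLOW if allowed & member_of else Decision.DENY

def login_permitted(allowed_groups, id_token_claims):
    """Fail closed: UNKNOWN is handled like DENY."""
    return evaluate_group_login(allowed_groups, id_token_claims) in (
        Decision.ALLOW, Decision.NO_RESTRICTION)

# Constructed sample values, not real group IDs.
ALLOWED = ["11111111-AAAA-4000-8000-000000000001"]
MEMBER = {"groups": ["11111111-aaaa-4000-8000-000000000001", "other"]}
REMOVED = {"groups": ["22222222-bbbb-4000-8000-000000000002"]}
OVERAGE = {"_claim_names": {"groups": "src1"}}

if __name__ == "__main__":
    for name, claims in (("member", MEMBER), ("removed", REMOVED), ("overage", OVERAGE)):
        print(name, evaluate_group_login(ALLOWED, claims).value)
```

If the key is set and the decision is `UNKNOWN`, the token alone cannot prove membership, so the check either denies or resolves membership from the directory before allowing the login.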