Restorepoint Dynamic Role and Domain Assignment via SAML SSO using Microsoft Azure
- 2 months ago
OK, so after playing around for a bit I kind of figured out a hacky work around by adding a groups claim in Azure, screenshot below.
From there, I updated the SAML config in Restorepoint to have the Groups Claim reflect the name groups that was returned.
Then, I had to go into the Users section and add in a mapping with the SAML Groups section for a Group within the Entra ID to a Role and Domain. The thing to keep in mind wen setting this up, you have to get the Name and Object ID exactly as it appears in Azure from the Users and Groups section inside the Enterprise Application. Inside that section, click on the group name that you want to map and it will open a new page. Grab the display name and Object ID and then put that on the Restorepoint side and map it to a Role and Domain. Should work for now until something can be updated for using an actual Role passed back instead, which would be preferred.