Accessing Identity Provider groups in actions

Hello,

I believe I’m asking something very similar to this: Add user attributes to idToken but I will lay out my current issue.

We’re using AzureAD as a connection, and the Azure Identity Provider populates a field called groups.

Looking at the Raw JSON, I get something like this:

{
    "created_at": "2022-01-12T03:12:55.402Z",
    "email": "abc.xyz@lmno.com",
    "email_verified": true,
    "family_name": "xyz",
    "given_name": "abc",
    "groups": [
        "Conference Rooms",
        "Security",
        "app-google",
        "app-calendly",
...

But within an action, I can’t seem to do something like:

const validGroups = [ "Security" ]; 
for (const vg in validGroups) {
  if (event.user.groups.includes(vg)) {            // Is the user in a valid group?
    hasValidGroup = true;                          // Grant access if in valid group
  }
}

because the Actions interface tells me that event.user does not have an groups object.

The docs don’t seem to reflect how to access it either (Actions Triggers: post-login - Event Object), am I missing something here?

Thanks
Luke

1 Like

Any ideas on this issue?

I’m encountering the same issue. Here’s another request for the same feature: User object in actions is missing groups

It looks like groups and group_ids are still only available in Rules. The docs say:

Note: The event.user object will not include any top-level attributes added by an external identity provider.

Does that mean that groups and group_ids will never be coming to Actions and that we need to stick with Rules for this feature?