Accessing Identity Provider groups in actions


I believe I’m asking something very similar to this: Add user attributes to idToken but I will lay out my current issue.

We’re using AzureAD as a connection, and the Azure Identity Provider populates a field called groups.

Looking at the Raw JSON, I get something like this:

    "created_at": "2022-01-12T03:12:55.402Z",
    "email": "",
    "email_verified": true,
    "family_name": "xyz",
    "given_name": "abc",
    "groups": [
        "Conference Rooms",

But within an action, I can’t seem to do something like:

const validGroups = [ "Security" ]; 
for (const vg in validGroups) {
  if (event.user.groups.includes(vg)) {            // Is the user in a valid group?
    hasValidGroup = true;                          // Grant access if in valid group

because the Actions interface tells me that event.user does not have an groups object.

The docs don’t seem to reflect how to access it either (Actions Triggers: post-login - Event Object), am I missing something here?


1 Like

Any ideas on this issue?

I’m encountering the same issue. Here’s another request for the same feature: User object in actions is missing groups

It looks like groups and group_ids are still only available in Rules. The docs say:

Note: The event.user object will not include any top-level attributes added by an external identity provider.

Does that mean that groups and group_ids will never be coming to Actions and that we need to stick with Rules for this feature?