After following the guide to linking Azure Active Directory (AAD) as an IdP to Auth0, adding all the required permissions to the AAD application in the Azure console and following the extra steps for configuring it (as described in Step #2 - auth0 dot com/docs/connections/enterprise/azure-active-directory/v2#2-configure-the-permissions),
I have added three groups to one test identity within the AAD.
And checked the IdP settings:
- Extended Attributes > Extended Profile: true
- Extended Attributes > Get user groups: true
- Extended Attributes > Include all the groups the user is member of, even if the user is not a direct member: true
- Max number of groups to retrieve: 2
How can I make sure that the groups are retrieved from the AAD when the user logs in? Because in the identity, the groups I have assigned to this user in the AAD are not retrieved. When I open the profile within Auth0 (as Raw JSON), no groups array is found:
Raw JSON (sensitive data masked)
{
  "upn": "live,com#hotmail,com",
  "azure_id": "SX9j",
  "given_name": "pet****",
  "family_name": "van****",
  "nickname": "live,com#hotmail,com",
  "tenantid": "8dd8",
  "email": "pete****",
  "oid": "36a8****",
  "email_verified": true,
  "name": "hotmail,com van",
  "updated_at": "2019-05-27T12:54:02.337Z",
  "user_id": "waad|SX9ji****",
  "picture": "",
  "identities": [
    {
      "user_id": "SX9ji",
      "provider": "waad",
      "connection": "examp****-waad",
      "isSocial": false
    }
  ],
  "created_at": "2019-05-27T12:45:46.702Z",
  "last_ip": "****",
  "last_login": "2019-05-27T12:54:02.337Z",
  "logins_count": 2,
  "blocked_for": [],
  "guardian_authenticators": []
}
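One way to check at login time whether the AAD connection actually delivered any groups, as an added example that is not part of the original post and not Auth0's or Microsoft's own code: an Auth0-rule-style function (rules use the signature `function(user, context, callback)`) that inspects `user.groups`, copies it into a namespaced ID token claim, and logs a diagnostic when the array is missing or looks capped. The claim namespace `https://example.com/claims/groups`, the helper `inspectGroups`, and the constant `CONFIGURED_MAX_GROUPS` are assumptions introduced here; the two user objects at the bottom are constructed sample input, one shaped like the masked profile in the post (no groups) and one with three groups.

```javascript
// Added example (not from the original post or from Auth0): a rule-style
// function that surfaces the groups an AAD connection stored on the user.
// Custom ID token claims in Auth0 rules must be namespaced URLs; this
// namespace is an assumption and should be one the tenant controls.
const GROUPS_CLAIM = 'https://example.com/claims/groups';

// Assumed to mirror the connection's "Max number of groups to retrieve"
// setting; when the stored count equals it, truncation is possible.
const CONFIGURED_MAX_GROUPS = 2;

// Pure diagnostic helper: reports whether groups are present, how many
// there are, and whether the count sits at the configured cap.
function inspectGroups(user, maxGroups) {
  const groups = Array.isArray(user.groups) ? user.groups : null;
  return {
    present: groups !== null && groups.length > 0,
    count: groups ? groups.length : 0,
    possiblyTruncated: groups !== null && groups.length >= maxGroups,
    groups: groups || [],
  };
}

// Rule-style entry point: function(user, context, callback). It never
// blocks the login; it only enriches the ID token and logs diagnostics
// (console.log output is visible in the Real-time Webtask Logs extension).
function addGroupsClaim(user, context, callback) {
  const report = inspectGroups(user, CONFIGURED_MAX_GROUPS);
  context.idToken = context.idToken || {};
  context.idToken[GROUPS_CLAIM] = report.groups;

  if (!report.present) {
    console.log('[groups-check] no groups array on profile for ' + user.user_id);
  } else if (report.possiblyTruncated) {
    console.log('[groups-check] ' + report.count +
      ' groups returned, equal to the configured maximum; list may be capped');
  }
  return callback(null, user, context);
}

// Constructed sample input, modelled on the masked profile in the post.
const userWithoutGroups = {
  user_id: 'waad|SX9ji****',
  email: 'pete****',
  identities: [{ provider: 'waad', connection: 'examp****-waad', isSocial: false }],
};
const userWithGroups = {
  user_id: 'waad|example-with-groups',
  groups: ['group-a', 'group-b', 'group-c'],
};

// Stand-alone demonstration of both cases.
[userWithoutGroups, userWithGroups].forEach((u) => {
  addGroupsClaim(u, {}, (err, usr, ctx) => {
    console.log(usr.user_id, '->', JSON.stringify(ctx.idToken[GROUPS_CLAIM]));
  });
});
```

After the rule has run, decoding the ID token from a test login shows the namespaced claim directly, so an empty array there (rather than a missing `groups` key in the raw profile) pinpoints whether the connection returned nothing or the profile simply was not refreshed.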