Some Active Directory users missing group_ids

Hi,

We have an enterprise connection set up to an Active Directory instance of one of our customers. The connection has been established for about a year now, and we have written a custom Rule allowing us to get the AD group IDs from the token (as per this knowledge-base article) and make them available on the user metadata so we can consume them in a post-login action.

Recently, about a week ago, we’ve started receiving notice from our customer that some of their Active Directory users were having login issues. I checked the user details and I’ve noticed that the group IDs were not there. The group names were still there, and there haven’t been any changes made to the connection, or the rule and post-login action. All the users that exhibit this problem have the same tenant ID as the users that are working. I can also confirm, from my own testing, that other connections seem to work fine.

I suspect that this may be an issue with the Active Directory configuration but without access to it, I cannot confirm. So my question is:

  1. Have there been any other instances of this happening, where some Active Directory users were coming through without group IDs alongside those that have group IDs?

  2. Is there a way to see the exchange of group IDs between Active Directory and Auth0? I’m not sure if group IDs are passed through as part of the exchange, or if they’re called via the graph API, but is there a way where I can see that call happening (even if I need to change the rule or post-login action)?

  3. Has there been a recent change to how these group IDs are made available to Auth0 that I should be aware of?

Any assistance will be appreciated.

Thanks,

Leon