Open maartenba opened 8 years ago
+:100:
Any plans to support this? It would be great if we could manage users based on AD groups.
Is this supposed to control permissions for TC project? The question is referring to replicating the 'Ldap' mapping integration from AD to Azure AD groups
So what we want is to have groups in TC be synched based on groups from Azure AD. They should sync contain all users that the group/subgroup from Azure AD has. Users will also need to be generated based on the users contained in the Azure AD group/subgroup.
We are in increasing need to have this functionality available as well! We would like to see AzureAD groups synced with TeamCity Groups. Much like how it works for AD Sync today in TeamCity.
There is an added request too. If the OpenID token is used for group based authorization. There is a limit of only including 200 AzureAD groups as part of the token. If the user is a member of more than 200 groups Microsoft returns a Graph API URL endpoint. TeamCity would have to follow this as per the Microsoft spec. Here is an example of this in a Microsoft sample repo: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/5-WebApp-AuthZ/5-2-Groups#processing-groups-claim-in-tokens-including-handling-overage
Is this functionality available in Teamcity to get the Azure AD groups synched and mapped to teamcity groups yet ?
Any updates on this functionality? We are looking forward to implementing this as well if it has support.
We'd like to use group support in our deployment, where:
This will require a call into the Azure AD Graph API to retrieve the user's list of groups.