Not counting this as a bug because it's working as designed, but there's room to make this better...
When a third-party identity provider (e.g. AAD) is used for authentication, the API server supports configuration that automatically grants admin permissions to certain users the first time they log in. The logic that checks whether a new user is on that list is currently case-sensitive, but one user has reported this as a minor difficulty.
Consider, for instance, the possibility of an operator who is installing/configuring Brigade and adding colleagues who should be admins, but is unaware of whatever mixed case is used for those colleagues' email addresses in AAD. Such users will not receive the permissions they were meant to on first authn.
There should be no issue with making this case insensitive since email addresses and usernames are always unique irregardless of case.
Not counting this as a bug because it's working as designed, but there's room to make this better...
When a third-party identity provider (e.g. AAD) is used for authentication, the API server supports configuration that automatically grants admin permissions to certain users the first time they log in. The logic that checks whether a new user is on that list is currently case-sensitive, but one user has reported this as a minor difficulty.
Consider, for instance, the possibility of an operator who is installing/configuring Brigade and adding colleagues who should be admins, but is unaware of whatever mixed case is used for those colleagues' email addresses in AAD. Such users will not receive the permissions they were meant to on first authn.
There should be no issue with making this case insensitive since email addresses and usernames are always unique irregardless of case.