sabre1041
commented
3 months ago @of-vincentvandam is this an issue related to Group Sync Operator or a does it affect how users are allocated to groups within Entra ID?
Open of-vincentvandam opened 3 months ago
sabre1041
commented
3 months ago @of-vincentvandam is this an issue related to Group Sync Operator or a does it affect how users are allocated to groups within Entra ID?
of-vincentvandam
commented
3 months ago The problem is with the syncing. The groups work fine with other integrations (that do not rely on retrieving the groups). My guess (since Entra ID itself is a black box), is that the member requests for these groups are federated and therefor they don't end up when doing a ItemTransitiveMembersRequest.
sabre1041
commented
3 months ago @of-vincentvandam i do not know offhand
We have a Entra ID setup where we have nested groups. For example:
aggregated = group1 + group2
Where group1 and group2 have member users, while aggregated doesn't.
The expectation is that the resulted sync towards OpenShift has all three groups available and that the aggregated group would have the members of both group1 and group2 assigned.
However, we observe that for the aggregated group this only works when its source is 'Cloud'. If the aggregated group source is 'Windows Server AD', it will have no memberships at all.