How to map Azure AD roles with strapi roles?

[somarjun]

Hello,

We're working on implementing Single Sign-On (SSO) for Strapi. We've successfully connected Azure AD to Strapi using a plugin. Now, we're exploring the process of mapping roles between Azure AD and Strapi SSO. Can you provide guidance on how to achieve this?

[yasudacloud]

@somarjun Hi!

Is this about how to associate Strapi admin roles with OAuth users? It seems that the maximum number of roles in Strapi is now unlimited, even in the Community Edition, so you may want to create your own roles. Thus, for example, you can create two roles, one for an Azured-authenticated administrator and one for a regular user. In this case, you will need a mechanism to link the IDs of your own roles with the data of Azured users.

Sorry if that wasn't an answer.

[Bryelmo]

Hi @yasudacloud, are there any updates about this topic? I noticed that the plugin roles table into the DB is empty and I don't understand how set the SuperAdmin role for the user that logins through Azure.

What kind of data are needed in that DB table? Thanks in advance.

PS: Maybe I can listen the user creation event from Strapi for update the user with the desired admin user role.

[yasudacloud]

@Bryelmo Hi, thanks for the post.

You can grant Super Admin privileges to users logging in with Azure through Single Sign-On in the Administration section. However, if the user has already been created, you will need to change their permissions individually from Settings -> Users.

[GabrieleMorero]

Oh my bad! Sorry I had cache issue in the backoffice. Thank you so much. Everything works.