Feature Request
Resolution: Unresolved
- What is the nature and description of the request?
When using the OIDC integration with Entra ID, the user is authenticated, but there is currently no support for organization and team mapping for OIDC (https://docs.ansible.com/automation-controller/latest/html/administration/ent_auth.html#generic-oidc-settings).
With SAML, however, this is supported (see SAML Organization and Team Attribute Mapping: https://docs.ansible.com/automation-controller/latest/html/administration/ent_auth.html#saml-settings).
Entra ID provides group membership in the OIDC response through claims in the JWT token (https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-group-claims).
Some customers have policies that allow only OIDC access to Entra ID.
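As an added illustration (not code from the controller or from this request): how the group claim carried in an Entra ID token could be mapped to organizations and teams in the way the SAML attribute mapping does, including the group-overage case where the token carries no `groups` list at all. The claim name, mapping table, group IDs and sample token are constructed assumptions; a real implementation uses these claims only after the OIDC library has verified the token's signature, issuer, audience and expiry.

```python
import base64
import json

# Hypothetical mapping, shaped loosely like the SAML team/org attribute map:
# which Entra ID group object ID (constructed placeholders) grants membership
# of which controller organization and team.
GROUP_CLAIM = "groups"
TEAM_ORG_MAP = [
    {"group": "11111111-1111-1111-1111-111111111111", "organization": "Platform", "team": "SRE"},
    {"group": "22222222-2222-2222-2222-222222222222", "organization": "Platform", "team": "Developers"},
    {"group": "33333333-3333-3333-3333-333333333333", "organization": "Security", "team": "Blue Team"},
]


def decode_payload(id_token: str) -> dict:
    """Return the JSON payload of a compact JWT.

    Decoding is not verification: the OIDC library must already have checked the
    signature against the tenant's JWKS, plus issuer, audience and expiry, before
    any claim returned here is used for an authorization decision."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def map_groups_to_teams(claims: dict) -> dict:
    """Derive {organization: {teams}} from the groups claim.

    Entra ID replaces 'groups' with _claim_names/_claim_sources when the user is in
    more groups than fit in the token (group overage). That case must be reported
    as 'unknown', never silently treated as 'member of no groups'."""
    if GROUP_CLAIM in claims.get("_claim_names", {}):
        return {"memberships": {}, "overage": True}
    groups = set(claims.get(GROUP_CLAIM, []))
    memberships: dict = {}
    for entry in TEAM_ORG_MAP:
        if entry["group"] in groups:
            memberships.setdefault(entry["organization"], set()).add(entry["team"])
    return {"memberships": memberships, "overage": False}


def build_sample_token(payload: dict) -> str:
    """Constructed, unsigned sample token for offline demonstration only; its
    placeholder signature would (correctly) fail real verification."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.SIGNATURE_PLACEHOLDER"
```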
- Why does the customer need this?
The security team mandates that authorization be based on the Entra ID structure, and it provides only OIDC for integrating with it.
- How would you like to achieve this?
Similar to the approach used with SAML.
- List any affected known dependencies: Doc, UI, etc.
- GitHub link, if any