Ansible Automation Platform RFEs / AAPRFE-236

[RFE] Add support for Azure AD authentication (OIDC) with groups claim


      1. What is the nature and description of the request?
      • Azure AD authentication (OIDC) with group claim. / Cannot restrict groups with Azure AD Authentication #7362
      2. Why does the customer need this? (List the business requirements here)
      • The customer is currently using the Azure AD Enterprise Authentication feature within the Ansible Automation Platform. With the current Organization and Team Mapping within AAP, it is only possible to map users based on their username and/or e-mail address, which doesn't scale. Every user needs to be known to map them manually to the right Organization and/or Team.

      Azure AD OIDC also provides the functionality to pass the 'groups claim' to the application (https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims). With this, you can map users based on their group memberships to organizations and/or teams. This is, however, currently not supported by the Ansible Automation Platform or AWX.

      It does seem to be possible with SAML, but our organization prohibits customers from using SAML as an authentication method because OIDC is the 'new' standard.

      As Red Hat is positioning the Ansible Automation Platform as an Enterprise platform/product, the customer is requesting to add support for this.

      3. Github Link if any

              bcoursen@redhat.com Brian Coursen
              chadwickferman Chad Ferman (Inactive)