Copy of mail from Customer Triodos Bank:

this is my feedback about the Enterprise Authentication with SAML. Maybe the feedback can be used to improve the Ansible Automation Platform in the future.

We have configured the Ansible Automation Controller 2.4 with Enterprise Authentication and SAML and Azure Multi Factor Authentication.

I was able to configue everything with Active Directory groups (Teams, is_superuser) except for the Organizations.

We have multiple organizations (Test and Prod) and I would like to explicitly assign a user to an Organization via Active Directory groups.

The controller expects an array of organizations. With an array it is working fine but not with groups.

It does work with groups if you are using LDAP authentication.

 

I expected that the configuration for the SAML Organization Attribute Mapping would be like below (like as for Teams).

The group then represents an organization. Unfortunately it does not work like this.

 

SAML Organization Attribute Mapping:

{

  "remove": true,

  "saml_attr": http://schemas.microsoft.com/ws/2008/06/identity/claims/groups,

  "organization_map": [

   

{       "organization_alias": "OrgTest",       "organization": "DOMAIN\\MGA_GL_SG_Ansible_OrgTest"     }

  ]

}

 

See also:

https://www.ansible.com/blog/mapping-saml-attributes-to-red-hat-ansible-automation-platform-organizations-and-teams

Has also been discussed in case 03561767.