  1. OpenShift Request For Enhancement
  2. RFE-3989

Azure AD OIDC IdP Group Claim to properly sync group names in OCP

    • Feature Request
    • Resolution: Done
    • Major
    • None
    • OpenShift 4.0
    • Auth, Documentation
    • True
    • It is important for the business perspective and our customers.
    • False
    • Azure
    • Yellow
    • x86_64
    • Enhancement
    • Azure Red Hat Openshift

      1. Proposed title of this feature request

      The problem being faced is that when using the Microsoft Identity Platform (AAD) for syncing groups in OpenShift Container Platform (OCP) via OIDC IdP, the names of the AAD groups are not synced properly and instead the group ID in Azure AD is used as the group name in OCP. This behavior is not supported according to the latest OCP 4.12 documentation. The expectation is to have the group names properly synced from AAD to OCP. A request for enhancement (RFE) is being made to address this issue.

      2. What is the nature and description of the request?

      This behavior is not supported as per the latest OCP 4.12 documentation. The expectation is to have the group names synced correctly from AAD to OCP. 

      https://docs.openshift.com/container-platform/4.12/authentication/identity_providers/configuring-oidc-identity-provider.html

       

      3. Why does the customer need this? (List the business requirements here)

      It is important for the business perspective and our customers.

      4. List any affected packages or components.

       

              atelang@redhat.com Anjali Telang
              rhn-support-vyoganan Vivek Yoganand A