AI OnAI Off
Azure AD setting access within episerver
- Did you click the little button "Add User/Groups" in the set access rights? As you need to add the groups/users first before you can set the rights for them.
- Theres an issue I reported that even with OWIN/Azure users turne on the underlying providers can return only the asp.net identity users/groups. See my blog for a workaround https://benfoster.io/blog/high-performance-image-processing-with-image-resizer-and-azure
Feb 08, 2019 13:15
Yep, clicking the "add user/groups" button, then searching for groups only returns groups that I am a member of.
I'm expecting it to return all AD groups? not just the ones I am a member of.
In the manifest file. I have set
"groupMembershipClaims": "All",
The application has been given the permissions "Read directory data" then delgated permissions: Sign in and read user profile, Read all users' basic profiles, Read all users' full profiles,Read all groups,Read directory data
And I have done the "grant permissions" gotcha.
But it makes no difference. I am using the alloy mvc solution as a base with the modifications found on world to configure azure ad.
Any suggestions?
Feb 15, 2019 0:25
From what I've looked at with the user/role sync services only the roles that come back in users claims are created in to the system. I'd suggest give a user all roles and logging in and seeing if this creates the roles for you. It's a dirty workaround but might work
Feb 15, 2019 10:57
Hi All,
I have changed our authentication to connect to Azure AD. I've followed all of the instructions on OWIN security but am having an issue with "set access" within the CMS.
I can authenticate and login to the CMS as WebAdmins, but when I go to admin-> set access and search groups, it only returns the AD groups that I am a member of, not all of the groups, which is what we need to allocate access.
Any ideas?
Thanks,
Paul