Hi, we have integrated with OpenID Connect so that users can log in with their AD user. From there we want to add users in different groups. These groups have different permissions in the CMS. Let's say I create a group in Azure AD called NewsPageEditors and add a user to that group in Azure AD. Will that group be synched to Optimizely CMS so we can set permissions?
Yes they will be synced/cached, however you first need to login with a user that has the group you would like to sync.
Once they login the group will be synced and then you will be able to set permissions as normal from within the CMS Admin section.
Any issues let us know.
Just another question. How can we remove groups that are not from Azure AD?CmsAdmins and CmsEditors have not been created in Azure AD. Since we have integrated with AD, the functionality to Administer Groups is not available anymore, which is correct.
CmsAdmins and CmsEditors are mapped roles, they are mapped to WebAdmins,Administrators and WebEditors, respectively. You can check your web.config/appsettings.json and remove those roles (inside episerverframework section) if you don't need them. I'd rather leave them as is
Is it possible to see which users are in which group in the CMS?
You can see which groups an user is in, and which users in a certain group, but not all at once
I don’t think you can see which groups that users belong to in CMS as your users and groups are managed from Azure AD. You might be able to find syhronizrd user and roles from database tables - from memory synchronised users and roles are stored in two tables with name "sync" keyword. You could build custom UI to display them.