Share via

Can I leverage group membership to select attribute during provisioning ?

juggernaut007 21 Reputation points
2022-10-17T22:03:42.627+00:00

Hi Team,

I'm planning to use AAD to provision users to a SaaS app. Few of the users in AAD have a different mail domain. The SaaS app has domain restrictions and isn't allowing us to create users with a mail different domain. Hence I was thinking of using a group to identify users with a different mail domain and transform domain restricted fields in SaaS app with UPN ONLY FOR THOSE users in the group. Curious if AAD supports this use case.
I can define an expression to transform domain restricted fields in attribute mapping by regex. But I would like to use group membership in the expression logic as it gives me more control.

Any suggestions/thoughts would be really helpful.

Thanks in advance !!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions
0 comments
Accepted answer
  1. Givary-MSFT 30,931 Reputation points Microsoft Employee
    2022-10-18T05:52:59.72+00:00

    @juggernaut007

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "https://learn.microsoft.com/en-us/answers/support/accepted-answers#why-only-one-accepted-answer", I'll repost your solution in case you'd like to "Accept" the answer.

    As per this QnA post https://learn.microsoft.com/en-us/answers/questions/983433/how-can-you-get-the-group-name-when-using-expressi.html above mentioned requirement is not supported.

    Let me know if you have any further questions.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. juggernaut007 21 Reputation points
    2022-10-17T22:54:55.563+00:00
    0 comments