Multiple Group Selections

Ella Stern 60 Reputation points
2023-09-20T17:44:24.94+00:00

Hi all! I am trying to figure out how dynamic groups and giving access can be in Microsoft Azure/Entra. For example, we have multiple business units with different systems, applications, ERPs, etc. In Azure, we want to create a new user, add them to groups first by selecting which business units they need access to, then that will go into selecting which systems, apps, etc. they can have access to within that business unit. From what I have researched, this seems possible, but I want to confirm it. Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other
Answer accepted by question author

Dillon Silzer 60,931 Reputation points
2023-09-20T20:04:37.24+00:00

Hi Ella,

If you are looking to utilize nested Azure AD/Entra groups then take a look at this article:

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/create-quot-nested-quot-groups-with-azure-ad-dynamic-groups/ba-p/3118024

I typically use Job Titles/Departments as an identifier for where people should be given access to. Have a look at the following page for what rules are available for dynamic groups:

Dynamic membership rules for groups in Azure Active Directory

https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

Example:

(user.department -eq "Sales") -and (user.jobTitle -contains "SDE")

This example would include people in the Sales department with the Job Title SDE.


If this is helpful please accept answer.
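
Added example (not part of the answer above, and not Microsoft's own sample): one way to build the two-tier layout from the question with the Microsoft Graph PowerShell SDK, using the rule quoted in the answer. The group names and the idea of one group per business unit plus one per system are assumptions; it also assumes the Microsoft.Graph.Groups module is installed and the tenant is licensed for dynamic groups.

```powershell
# Added illustration: creates two dynamic security groups and reads back
# the rule that Entra stored for each. Group names are hypothetical.
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$groups = @(
    @{
        # Tier 1: everyone in the business unit.
        Name = 'BU-Sales'
        Rule = '(user.department -eq "Sales")'
    },
    @{
        # Tier 2: a system inside that business unit, using the rule from
        # the answer. -contains is a substring match, so any job title that
        # merely contains "SDE" also becomes a member; switch to -eq when
        # only an exact title should grant access.
        Name = 'BU-Sales-App-ERP'
        Rule = '(user.department -eq "Sales") -and (user.jobTitle -contains "SDE")'
    }
)

foreach ($g in $groups) {
    # Membership is computed by Entra from the rule; nobody is added by hand.
    $created = New-MgGroup -DisplayName $g.Name `
        -MailEnabled:$false `
        -MailNickname $g.Name `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $g.Rule `
        -MembershipRuleProcessingState 'On'

    # Read the group back so the stored rule can be reviewed before the
    # group is assigned to any application or role.
    Get-MgGroup -GroupId $created.Id `
        -Property 'displayName,membershipRule,membershipRuleProcessingState' |
        Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
}
```

Because membership follows directory attributes, anyone who can edit `department` or `jobTitle` can change who gets access, so review write permissions on those attributes along with the rules.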
