Create Entra Scoping Filter based on AD Group Name

Cobb,Dave 0 Reputation points
2024-05-29T18:06:20.22+00:00

I have an Azure Entra ID Application set up for managing OIDC SSO & SCIM Provisioning with GitHub Enterprise Cloud.

Is there any way I can use Scoping Filters to automatically add AD groups to SCIM based solely on the name of the AD Group?

i.e.
Group Name starts with "github-"
or
Group Name starts with "github-" and ends with "-maintainer"

Microsoft Entra ID

1 answer

  1. Raja Pothuraju 2,020 Reputation points Microsoft Vendor
    2024-06-06T15:44:53.7+00:00

    Hello @Cobb,Dave,

    Yes, you were right. Previously, I was referring to a different gallery application, namely GitHub Enterprise Cloud - Enterprise Account. The GitHub Enterprise Cloud does support SCIM via Entra.

    "I still have the question... can I add groups to the SCIM solely based on their group name using a scoping filter or any other means?"

    This is not possible with our service at this time. Mappings and expressions can only be built using attributes contained on the object in question. This means that you can only use attributes on the user object when provisioning a user. Membership of a group is a property of the group object, not the user, and there is no way in our provisioning service to make a mapping that leverages group membership of a user in Azure AD to flow a value in a mapping from source -> target, with the sole exception of the roles attribute via role assignment in the Users and Groups blade of the Enterprise App.