Azure AD integration, claims (ODC)
Question
  • I have a functional integration with Azure AD (Entra ID), but I want to receive a group claim and, according to the group, assign it to a role in OutSystems ODC.



      I don't know where to get those claims from.

2023-12-26 10-35-28
OutSystems Neo
Staff
AI Generated

To configure Azure AD (now Microsoft Entra ID) integration with OutSystems Developer Cloud (ODC) and properly receive group claims to assign roles based on those claims, you can follow these steps:

  1. Set Up Microsoft Entra ID as an External IdP in ODC:

    • Log in to the ODC Portal.
    • Navigate to the Identity Providers tab.
    • Click Add Provider > OpenID Connect and complete the setup steps. Use the guidance provided in the official documentation to configure details like the Discovery Endpoint, Client ID, and Client Secret (see "Add Microsoft Entra ID for use as external identity provider").
  2. Configure Group Claims in Microsoft Entra ID:

    • In the Azure Portal, go to App Registrations and select the application integrated with OutSystems.
    • Navigate to Token Configuration, and add a new claim for Groups:
      • Choose to issue groups in the claim as group IDs or group names.
      • Ensure you select the appropriate option for security groups, distribution lists, or directory roles.
  3. Map Group Claims in the ODC Identity Provider Configuration:

    • In the ODC configuration screen, under the Claim Mapping section, map the group claim name (e.g., http://schemas.microsoft.com/ws/2008/06/identity/claims/groups) to a field such as groups in ODC.
    • If you need more refined group filtering, ensure proper claims are constructed in Azure AD by using custom claims or claims mapping policies (see "Azure groups not passed to OutSystems").
  4. Verify Group Mapping:

    • After logging in to ODC, groups that match either group names or GUIDs in Azure Active Directory should now be recognized.
    • You can create groups in OutSystems with the same name or ID to properly link the imported groups and assign roles accordingly.
  5. Assign Roles to Groups in OutSystems:

    • In the User Management section of ODC, assign roles to the groups that were imported from Azure AD. This will ensure that users logging in with a specific group claim automatically receive the correct permissions.
  6. Test and Debug:

    • Perform a login test and observe if the groups are coming in as expected.
    • If groups are not being retrieved, check the logs in the Azure Portal for the issued token claims. Ensure Azure AD is correctly sending the necessary group data.
    • You can also inspect the login response in ODC logs to validate the group claim (see "Assigning groups").

By following these steps, ODC will be integrated with Azure AD (Microsoft Entra ID), with group claims being received and roles being assigned based on these claims. Let me know if you have any specific issues or need further clarification!

This answer was AI-generated. Please read it carefully and use the forums for clarifications
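
An added example for the "Test and Debug" step (not part of the original answer and not OutSystems or Microsoft code): a Python check that decodes a captured ID token and reports whether the group claim is present, missing, or replaced by the overage pointer that Entra ID sends instead of the list when a user belongs to too many groups. The function names and sample tokens are constructed for illustration, and the signature is not verified, so it is for diagnosis only.

```python
import base64
import json

# Claim names the answer mentions: the short OIDC name and the SAML-style URI.
GROUP_CLAIMS = ("groups", "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups")


def decode_payload(jwt: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def group_claim_status(claims: dict) -> tuple[str, list[str]]:
    """Classify how (or whether) group membership arrived in the token."""
    for name in GROUP_CLAIMS:
        value = claims.get(name)
        if value:
            groups = [value] if isinstance(value, str) else list(value)
            return "present", groups
    # Entra ID omits the list when the user is in too many groups and
    # emits an overage pointer instead of the groups themselves.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        return "overage", []
    return "missing", []


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo (constructed, not real)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens: group IDs, subjects and the endpoint are placeholders.
SAMPLE_OK = _constructed_token({"sub": "user1", "groups": ["11111111-aaaa-4bbb-8ccc-000000000001"]})
SAMPLE_OVERAGE = _constructed_token({"sub": "user2", "_claim_names": {"groups": "src1"},
                                     "_claim_sources": {"src1": {"endpoint": "https://example.invalid/getMemberObjects"}}})
SAMPLE_NONE = _constructed_token({"sub": "user3"})

if __name__ == "__main__":
    for label, tok in [("ok", SAMPLE_OK), ("overage", SAMPLE_OVERAGE), ("none", SAMPLE_NONE)]:
        print(label, group_claim_status(decode_payload(tok)))
```

A "missing" result points at the Token Configuration step in the app registration, while "overage" means the claim is configured but the list was too large to embed, so restricting the emitted groups is the fix rather than changing the ODC claim mapping.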