[Microsoft Login Connector - Traditional Web] Sync roles removing other application roles

Back to Forums

João Marques

mvp_badge

MVP

[Microsoft Login Connector - Traditional Web] Sync roles removing other application roles

Question

Roles

Authentication

Forge

Good afternoon,

As we are exploring login with Microsoft Azure, we were taking a closer look to the action SyncRoles to make sure the user has his roles up to date when he logs in.

As we were taking a look, we realized the following:

Usually, Azure applications login payload only includes the application roles (e.g. AppA Manager) and does not include roles the same user has on other applications (e.g. AppB Manager);
The action will revoke from the user all his current roles in OutSystems database and add the new ones (see code screenshot below);
Given the scenario where user is AppA Manager and AppBManager, if we run this sync after user logins via AzureAD in AppA, his AppB Manager role would be revoked. When the user opened another tab for AppB he would not have access.

Do you foresee a new version where this situation gets handled?

For instance, when registering a new application on the Management application, register the roles of that application (like it is done with eSpaces and resources) and adapt the SyncRoles to only revoke the application roles?

Thanks in advance.

Best regards,

João Marques

01 Sep 2020

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines