
 

Azure AD setting access within episerver

 

Hi All,

I have changed our authentication to connect to Azure AD. I've followed all of the instructions on OWIN security but am having an issue with "set access" within the CMS.

I can authenticate and login to the CMS as WebAdmins, but when I go to admin-> set access and search groups, it only returns the AD groups that I am a member of, not all of the groups, which is what we need to allocate access.

Any ideas?

Thanks,

Paul

#201180
Feb 07, 2019 21:48
 
  1. Did you click the little button "Add User/Groups" in the set access rights? You need to add the groups/users first before you can set the rights for them.
  2. There's an issue I reported that even with OWIN/Azure users turned on, the underlying providers can return only the ASP.NET Identity users/groups. See my blog for a workaround: https://benfoster.io/blog/high-performance-image-processing-with-image-resizer-and-azure
#201196
Feb 08, 2019 13:15
 

Yep, clicking the "add user/groups" button, then searching for groups only returns groups that I am a member of.

I'm expecting it to return all AD groups, not just the ones I am a member of.

In the manifest file, I have set

"groupMembershipClaims": "All",

The application has been given the permission "Read directory data", then delegated permissions: Sign in and read user profile, Read all users' basic profiles, Read all users' full profiles, Read all groups, Read directory data.

And I have done the "grant permissions" gotcha.

But it makes no difference. I am using the Alloy MVC solution as a base with the modifications found on World to configure Azure AD.

Any suggestions?

#201337
Feb 15, 2019 0:25
 

From what I've looked at with the user/role sync services, only the roles that come back in the user's claims are created in the system. I'd suggest giving a user all roles, logging in and seeing if this creates the roles for you. It's a dirty workaround but might work.

#201348
Feb 15, 2019 10:57
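
A token issued with "groupMembershipClaims": "All" carries the signed-in user's group memberships, not every group in the directory, so a sync driven by claims can only see those. The following is an added example, not part of the thread or of Episerver's code: it inspects a token payload for inline groups or the overage pointer Azure AD sends when there are too many groups to list inline. The group IDs, endpoint and helper names are constructed, and the token is decoded without signature verification, for inspection only.

```python
import base64
import json

# Constructed sample values (not real object IDs or endpoints).
G_ADMINS = "00000000-0000-0000-0000-0000000000a1"
G_EDITORS = "00000000-0000-0000-0000-0000000000a2"
G_OTHER = "00000000-0000-0000-0000-0000000000a3"  # a group the user is NOT in
OVERAGE_URL = "https://graph.example.invalid/users/me/getMemberObjects"

def make_unsigned_token(claims: dict) -> str:
    """Build a JWT-shaped string for the demo; the signature part is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

def token_payload(jwt: str) -> dict:
    """Decode the payload segment only. No signature check: never use for authz."""
    segment = jwt.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def groups_in_token(claims: dict) -> dict:
    """Report which groups a claims-driven role sync could see in this token."""
    names = claims.get("_claim_names") or {}
    if "groups" in names:
        # Overage: the token holds a pointer to the group list, not the list.
        src = (claims.get("_claim_sources") or {}).get(names["groups"], {})
        return {"status": "overage", "groups": [], "endpoint": src.get("endpoint")}
    if "groups" not in claims:
        return {"status": "absent", "groups": [], "endpoint": None}
    return {"status": "inline", "groups": list(claims["groups"]), "endpoint": None}

def missing_groups(claims: dict, wanted: list) -> list:
    """Groups you want to assign rights to that this login cannot surface."""
    return sorted(set(wanted) - set(groups_in_token(claims)["groups"]))

INLINE_TOKEN = make_unsigned_token(
    {"name": "Constructed User", "groups": [G_ADMINS, G_EDITORS]})
OVERAGE_TOKEN = make_unsigned_token(
    {"_claim_names": {"groups": "src1"},
     "_claim_sources": {"src1": {"endpoint": OVERAGE_URL}}})

if __name__ == "__main__":
    for label, tok in (("inline", INLINE_TOKEN), ("overage", OVERAGE_TOKEN)):
        claims = token_payload(tok)
        print(label, groups_in_token(claims), missing_groups(claims, [G_ADMINS, G_OTHER]))
```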