Azure AD Agent <--> Group assignment

gob · Post by **gob** » 13 Mar 2022, 20:03

Hi
I have been testing a configuration on a new install using Azure AD DS (Secure LDAP) as the authentication service for our agent accounts.
Agents can sign in using their Azure AD creds OK and I can assign Znuny group membership based on the members of an Azure AD group such as for the admin group.

I have created quite a comprehensive group structure and assigned agents to the groups in the Znuny admin interface. However when an agent logs out and back in again they only get the groups that are assigned through Azure and not any locally assigned groups. Also, it seems that only azure users can now log in and not any local accounts.

This may be by design I guess but would be handy if I can manage the group membership through the Znuny interface as it's much simpler to set up.

Any thoughts on that?

Post by **root** » 14 Mar 2022, 12:04

Hi,

You have to make a decision: setting permissions via AuthSyncModule based on Azure AD group membership or manually. The AuthSyncModule resets the permissions every time. To prevent this you need to disable this feature.

- Roy

gob · Post by **gob** » 14 Mar 2022, 16:08

Thanks Roy. I thought as much.
I can at least still use Azure AD for Authentication and Znuny group management it would seem if I do not use Azure for any group membership.
I will stick with that for now.

Thank you

Znuny Open Source Ticketsystem

Azure AD Agent <--> Group assignment

Azure AD Agent <--> Group assignment

Re: Azure AD Agent <--> Group assignment

Re: Azure AD Agent <--> Group assignment