Update User object with user Organization based on Group membership in Active Directory

Question

Update User object with user Organization based on Group membership in Active Directory

Closed this issue 4 months ago · 4 comments

NicoledeGreef commented 5 months ago

OP timer

https://openplus.monday.com/boards/4092908516/pulses/6510466907

Relates to #424

OpenID Connect Microsoft Azure Active Directory client
@NicoledeGreef I met with the team about this at stand-up today. How we do it depends on how you are set up on you end. If you are using Office 365, there is a module that can connect, then pull all sorts of metadata for use in Drupal. See https://www.drupal.org/project/o365. Currently we are using OpenID connect
install module on dv14
configure
new keys?
ensure that the Catalogue admin role can adjust the mappings between AD group and Organization in drupal

Answer 1 · 2024-05-01T19:20:29.000Z

The take-away from today's meeting is that the service we are currently using does not provide group information. We could get this information by doing a lookup after every login.

This API could be useful:
https://api.loginproxy.gov.bc.ca/openapi/swagger#/
https://bcgov.github.io/sso-docs/

Relevant channel:
https://chat.developer.gov.bc.ca/channel/sso

SSO docs:
https://bcgov.github.io/sso-docs/advanced/identity-mappers

Answer 2 · 2024-05-01T21:15:52.000Z

I have emailed the IDIR team about using a secondary lookup to get the group information.

Answer 3 · 2024-05-02T23:09:20.000Z

IDIM recommended reaching out to ADMS team which I did. We received a speedy response and await more info from that team.

Answer 4 · 2024-05-27T18:31:25.000Z

Closing this ticket for now with the Icebox tag. We'll pick it up after more discussion with the SSO common component team as they would need to change what they return and this has larger implications than just our product.