Update User object with user Organization based on Group membership in Active Directory
Closed this issue · 4 comments
OP timer
https://openplus.monday.com/boards/4092908516/pulses/6510466907
Relates to #424
- @NicoledeGreef I met with the team about this at stand-up today. How we do it depends on how you are set up on your end. If you are using Office 365, there is a module that can connect, then pull all sorts of metadata for use in Drupal. See https://www.drupal.org/project/o365. Currently we are using OpenID Connect.
- install module on dv14
- configure
- new keys?
- ensure that the Catalogue admin role can adjust the mappings between AD group and Organization in Drupal
The take-away from today's meeting is that the service we are currently using does not provide group information. We could get this information by doing a lookup after every login.
This API could be useful:
https://api.loginproxy.gov.bc.ca/openapi/swagger#/
https://bcgov.github.io/sso-docs/
Relevant channel:
https://chat.developer.gov.bc.ca/channel/sso
SSO docs:
https://bcgov.github.io/sso-docs/advanced/identity-mappers
I have emailed the IDIR team about using a secondary lookup to get the group information.
IDIM recommended reaching out to the ADMS team, which I did. We received a speedy response and await more info from that team.
Closing this ticket for now with the Icebox tag. We'll pick it up after more discussion with the SSO common component team, as they would need to change what they return, and this has larger implications than just our product.