Daniel opened 1 month ago
Is it possible to add a second domain for Active Directory in external authentication? The search base is in the format dc=XYZ dc=local but we cannot add a second domain in here.
Alternative: Is it possible to have an Azure AD implementation for external authentication?
As far as I know, users normally reside under a single tree. Can you please help me understand why multiple search bases are necessary here?
Currently, the AD implementation should be able to be configured to work with Azure AD. Or does Azure AD have some special things?
Multiple search bases are needed in our case, because we have at the moment two trusted domains, which cannot be merged into one domain. Users from both domains should access OneDev.
We will try with Azure AD and come back with the results to you! Thank you for your support!
Hi, I am working with Daniel on this topic.
The integration using EntraID (formerly Azure AD) was partially successful. Without the "Groups Claim" option, the login works. If "groups" is entered in "Groups Claim", the following error message appears:
code: invalid_client, description: AADSTS650053: The application '' asked for scope 'groups' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor. Trace ID: Correlation ID: Timestamp: , http status code: 302
The EntraID settings were taken from another service, where the login and group assignment via "groups" works. Is there a way to see the connection and authentication requests in the server log?
Robin Shen changed state to 'Closed' 1 week ago
Please upgrade to build #4687 and define sso provider of type
The LDAP authenticator of this release was also improved to accept multiple user search bases.