With the introduction of 13.2, and Okta support, some users are finding that secondary group mappings assigned to SSO users are not able to see the secondary virtual directories carried down by those groups. This is due to Entra ID not automatically pulling the group attribute into Cerberus.
This process will guide you along manually inputting that group attribute claim to restore usage of secondary virtual directories.
First, we'll need to make sure your Entra ID environment is also sharing this group attribute. Here's what it should look like in Entra ID, and what it needs as it's source attribute:
Now in Cerberus, within 'SSO Users' > 'SSO Configuration, you'll want to click "Add" next to the blank group membership, type will be 'Group ID', then just copy and paste the attribute into Cerberus. It should have the same formatting as the other attributes. It should be similar to this "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
After saving these changes, upon logging in, the secondary virtual directories should now be visible.
Comments
0 comments
Please sign in to leave a comment.