AD groups with Single Sign On
I have configured SSO with ping and was able to configure the SAML User successfully with the following format <username>@<doman>
the problem now is that I am trying to configure the SAML groups with the same format and I am able to add them to the webui under SAML Groups <group name>@<domain> but users inside the group fail to authenticate
I configured SSO as followed
Identity provider name: [veritas_configuration]
Identity provider type: [SAML2]
Identity provider user: [userPrincipalName]
Identity provider user groups: [memberOf]
Enabled: [true]
and I am getting userPrincipalName and memberOf in the SAML response in the same format <username/group>@<domain>
Once SSO was setup, I used the WebUI, I had added a SAML group as <group_name>@<full_domain_name> and it worked. The only issue I noticed is that if I use a browser session where I was using SSO with a normal username, it would give me an error. This is because my access to the WebUI/Java console is only via my "admin" account. So make sure the users are using the correct account.
Also, are you able to test SSO using SAML group just for yourself? If that works, there is something on the user's side.