Azure AD Provisioning with Salesforce. Attribute with the Application Groups that a user belongs to
Hi,
I have SSO between Salesforce and Azure AD using the Salesforce app available in Azure. I'm also using provisioning to create the users in Salesforce. Everything works fine, but I need to pass another field to Salesforce: the Application Groups that the user belongs to. Is it possible to add a field to the User in Azure AD with this information and map it in Provisioning -> Attribute Mapping? Let's say something similar to SingleAppRoleAssignment([appRoleAssignments]), but with all the groups that the user belongs to for this particular Application only.
For user provisioning I have created several groups in the app. For each group I assign a role (profile in Salesforce). Then I assign users to the specific groups. The provisioning starts, and I also want to send the group(s) that the user is a member of.
1 Reply
You may not directly map “all application groups” a user belongs to into Salesforce via Azure AD provisioning. The provisioning service only synchronizes attributes explicitly mapped, and group membership is not exposed as a single attribute. You may need to use extension attributes or app role assignments to represent group membership, then map those into Salesforce.
learn.microsoft.com/en-us/entra/identity/saas-apps/salesforce-provisioning-tutorial
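
One way to build the value the reply suggests storing in an extension attribute, as an added example that is not part of the original thread or of Microsoft's tooling: it keeps only the groups that are assigned to the application and that the user is a direct member of, so unrelated memberships are never sent to Salesforce. The function names, the `;` separator, the 1024-character limit, the use of `extensionAttribute1` on a cloud-only user, and all sample IDs and names are assumptions.

```python
# Added example: derive an app-scoped group list for one user from
# Microsoft Graph-shaped JSON. All IDs and names below are constructed.

# Constructed sample shaped like GET /servicePrincipals/{id}/appRoleAssignedTo
APP_ROLE_ASSIGNED_TO = [
    {"principalType": "Group", "principalId": "g-sales", "principalDisplayName": "SF-Sales"},
    {"principalType": "Group", "principalId": "g-admin", "principalDisplayName": "SF-Admins"},
    {"principalType": "Group", "principalId": "g-ops", "principalDisplayName": "SF-Ops"},
    {"principalType": "User", "principalId": "u-alice", "principalDisplayName": "Alice"},
]
# Constructed sample shaped like GET /users/{id}/memberOf (direct memberships)
ALICE_MEMBER_OF = [
    {"@odata.type": "#microsoft.graph.group", "id": "g-sales", "displayName": "SF-Sales"},
    {"@odata.type": "#microsoft.graph.group", "id": "g-ops", "displayName": "SF-Ops"},
    {"@odata.type": "#microsoft.graph.group", "id": "g-hr", "displayName": "HR-All"},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "r-1", "displayName": "Reader"},
]

def app_groups_for_user(app_assignments, member_of, sep=";", max_len=1024):
    """Delimited names of groups assigned to the app AND containing the user."""
    # Only group principals count; direct user assignments are not groups.
    assigned = {a["principalId"]: a["principalDisplayName"]
                for a in app_assignments if a.get("principalType") == "Group"}
    # memberOf also returns directory roles, so filter on the object type.
    user_groups = {m["id"] for m in member_of
                   if m.get("@odata.type") == "#microsoft.graph.group"}
    names = sorted(assigned[g] for g in assigned.keys() & user_groups)
    # A group name containing the separator would be split wrongly downstream.
    bad = [n for n in names if sep in n]
    if bad:
        raise ValueError(f"separator {sep!r} occurs in group name(s): {bad}")
    value = sep.join(names)
    # Fail loudly instead of truncating: a cut-off list silently drops groups.
    if len(value) > max_len:  # max_len is an assumed attribute size limit
        raise ValueError(f"value is {len(value)} chars, limit is {max_len}")
    return value

def extension_patch_body(value, attr="extensionAttribute1"):
    """JSON body for PATCH /users/{id}; an empty list clears the attribute."""
    return {"onPremisesExtensionAttributes": {attr: value or None}}

if __name__ == "__main__":
    v = app_groups_for_user(APP_ROLE_ASSIGNED_TO, ALICE_MEMBER_OF)
    print(v, extension_patch_body(v))
```

The attribute holding this value can then be selected as a source in Provisioning -> Attribute Mapping; the job that writes it has to re-run whenever group membership or the app's group assignments change.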