add steps for group mapping with names for Azure #785
Conversation
|
|
||
| - Spacelift account with admin permissions | ||
| - Azure account with permissions to create an "App registration" within Microsoft Entra ID | ||
|
|
||
| ## Configure Account Settings | ||
|
|
||
| Open **Organization settings** for your Spacelift account. | ||
| Open **Organization settings** for your Spacelift account. |
There was a problem hiding this comment.
It looks like your editor left some trailing white spaces. There are multiple occurrences, not just this one. Could you fix them? (I know you just tried a new editor—if it’s properly configured, it should trim these automatically.)
|
|
||
| To use Spacelift's IdP Group Mapping feature, navigate to **Spacelift > Organization Settings > IdP Group Mapping** and select **Map IdP group**. | ||
|
|
||
| Due to a limitation in Microsoft Entra ID, Group IDs are passed to Spacelift instead of group names. When setting up your group mapping, ensure you map the Group IDs, not the group names. You can add a human-readable name in the description field for easier identification. |
There was a problem hiding this comment.
Actually, Azure can be configured to send group names — it’s just cumbersome to set up. If we used group names, the mapping would also break if a group’s display name changed. The IDs, however, cannot change. So we stick with them.
I would rather say: "Azure sends group IDs in UUID format, which is not human-readable, so a description can be provided."
|
|
||
|  | ||
|  | ||
|
|
||
| ## Spacelift: Set Up IdP Group Mapping (Optional) |
There was a problem hiding this comment.
I wonder if this section belongs here, or rather in the general IdP mapping documentation. If I were just setting up the OIDC integration, I’d probably be confused at this stage about what IdP group mapping is.
The problem is that our documentation currently says very little about IdP mapping as a feature.
Maybe this section should just be a small info box in the group claim configuration above—mentioning that Azure uses UUIDs as group IDs, and that we recommend adding a description on the Spacelift side when setting up IdP group mapping later.
There was a problem hiding this comment.
I like the info box suggestion 👍🏻
|
The faulty link, is flaky. It gives me too many requests. But then later it loaded. |
Description of the change
Checklist
Please make sure that the proposed change checks all the boxes below before requesting a review:
mainbranch.If the proposed change is ready to be merged, please request a review from
@spacelift-io/solutions-engineering. Someone will review and merge the pull request.Spacelift employees should request reviews from the relevant engineers and are allowed to merge pull requests after they got at least one approval.
Thank you for your contribution! 🙇