
Azure / IAS User filtering

tskwin
Participant
577

Hello Experts,

I’m using Azure as IdP and IAS as a proxy.
In Azure, I have created groups which are then provisioned to cloud applications via IAS. In IPS I have set up a source system for Azure.

My requirement is to provision only specific groups and their users to IAS – for example, all groups whose names start with "SAP_" – without having to constantly modify the JSON transformation code.

To achieve this, I have configured the following parameters in the source system:

aad.group.filter = startsWith(displayName,'SAP_')

aad.user.filter.group.filter.combine = true

However, it seems that with these settings, all users in Azure are still being queried, which – as far as I understand – can lead to performance issues, especially in large environments.

My questions:

Is there a way to use the aad.user.filter parameter to ensure that only users who belong to the filtered groups (e.g., those with the prefix SAP_) are provisioned, without having to hardcode group names or regularly change the transformation code?

Is it possible to implement something like this:

aad.user.filter = users who belong to the groups defined in aad.group.filter

What is the recommended approach to efficiently and dynamically filter only the required groups and their members?

Thank you in advance for your support

 

Many Thanks

 

Accepted Solutions (0)

Answers (1)

Sgemert
Explorer
0 Likes

Hello tskwin,

Did you do a run with this setup?

I have the same setup, and my run initially took an hour; with these params set it was reduced to 15 minutes.

So this should only select the users that are part of the filtered groups:

 

aad.group.filter = startsWith(displayName,'SAP_')

aad.user.filter.group.filter.combine = true

 

br

Sander
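
To check outside IPS which users the group filter from this thread would bring into scope, the added example below (not from either poster and not SAP's code) asks Microsoft Graph for groups matching the prefix and collects their direct user members. That IPS resolves membership the same way is an assumption; `fetch`, `users_in_scope` and the sample responses are constructed for illustration.

```python
"""Preview which users a group-prefix filter brings into scope (added example)."""
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def paged(fetch, url):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def users_in_scope(fetch, prefix="SAP_"):
    """Return {user id: UPN} for direct user members of groups matching prefix."""
    literal = prefix.replace("'", "''")  # OData escapes a quote by doubling it
    flt = quote(f"startswith(displayName,'{literal}')")
    users = {}
    for group in paged(fetch, f"{GRAPH}/groups?$filter={flt}&$select=id,displayName"):
        # The OData cast keeps user objects only (no nested groups or devices).
        url = f"{GRAPH}/groups/{group['id']}/members/microsoft.graph.user?$select=id,userPrincipalName"
        for user in paged(fetch, url):
            users[user["id"]] = user["userPrincipalName"]  # shared members counted once
    return users

# Constructed sample responses (not real tenant data), matched by URL fragment.
SAMPLE = {
    "/groups?": {"value": [{"id": "g1", "displayName": "SAP_FI"},
                           {"id": "g2", "displayName": "SAP_HR"}]},
    "/groups/g1/members": {"value": [{"id": "u1", "userPrincipalName": "ana@example.com"}],
                           "@odata.nextLink": GRAPH + "/page2-g1"},
    "page2-g1": {"value": [{"id": "u2", "userPrincipalName": "ben@example.com"}]},
    "/groups/g2/members": {"value": [{"id": "u2", "userPrincipalName": "ben@example.com"}]},
}

def fake_fetch(url):
    """Stand-in for an authenticated GET that returns the parsed JSON body."""
    return next(page for frag, page in SAMPLE.items() if frag in url)

if __name__ == "__main__":
    # Against a real tenant, pass a fetch that sends a bearer token instead.
    for uid, upn in sorted(users_in_scope(fake_fetch).items()):
        print(uid, upn)
```

Comparing the size of this set with the total user count in the tenant shows how much a provisioning run should shrink once the filters apply.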