Hey all,
I work on the IT side of the house but am working with our Automation Engineer, who uses Ignition.
I have set up a SAML identity provider (Azure AD for us) in Ignition and have it where I can successfully log in (to the gateway for now; I'll worry about more fine-grained permissions once I get the gist of it).
I have set up the mapped user attributes and I am currently passing these:
ID
Username
First Name
Last Name
Email
Roles
I created an AD group which has me and our Ignition admin in it, and I have assigned it to our Azure AD app that I created for the Ignition SAML, and I can see that group name being passed into the roles attribute (I just called it Ignition_Admins). Eventually we will have a few different AD groups depending on the level of user access.
What I am really stuck on is now mapping that AD group to roles within Ignition (i.e. I want my Ignition_Admins group having an Admin role assigned to it).
Also, what is the best way to handle user provisioning? Is there an automated way that I can push all the members of my group into Ignition, or perhaps create the user when someone in the correct AD group tries to sign in?
I did see the Users, Roles section to create a new user source, but those seem to mostly point to on-prem AD and not Azure. Can I use my Azure IdP for both authentication and provisioning?
Thanks!