Hi,
I have changed the AzureAD of my Octopus Server, to a new app in a new Azure tenant.
Users have no problem signing in. But because I have defined permissions based on external Azure AD groups, they don’t have certain permissions unless I add the permissions explicitly.
I have two AD groups. The app roles in Azure for Octopus are like this:
{
    "allowedMemberTypes": [
        "User"
    ],
    "description": "DevOps",
    "displayName": "P&I Domain DevOps",
    "id": "f6aa29a3-9260-418c-a655-309735b90c63",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "value": "P&IDomainDevOps"
},
{
    "allowedMemberTypes": [
        "User"
    ],
    "description": "P&I Domain Developers",
    "displayName": "P&I Domain Developers",
    "id": "b22e11a6-9e9f-4316-b80f-ba8cbdbf5e18",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "value": "P&IDomainDevelopers"
},
I can see some users are mapped from P&I Domain Developers, but some are not, and no user is mapped from P&I Domain DevOps.
What could be the issue?
When does Octopus try to get the mappings? Is it at intervals, or by running a command once?