Admin role via Azure AD Groups Not working - Powershell Universal Version 5.6.13

(anonymous user)
Product: PowerShell Universal
Version: 1.4.6


The user is a member of the Azure security group 'PoShUnivAdmins', but when the user logs in via SSO, it gives an error after logging in successfully.

Error: Sorry, you are not authorized to access this page. Please contact your administrator.

Claim information:
Authentication Method: AuthenticationTypes.Federation
Permissions : BLANK

Type: Role
Value: Object Id of Security Group 'PoShUnivAdmins' the user is a member of.



All Comments (2)

Is it because you are expressing the claim as a group and not a role? Just comparing it to my own configuration. Does that match the Entra claim type? Those have to match as well, so if it is group here then it needs to be group there.
We use Claim Type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role

Looking at the 2 pics they do not match for claim type, so that’s probably it.

I use OIDC with Entra; my claim type on my PSU roles is just 'groups' and nothing else. My claim value is the group GUID. Works fine for me.
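
Both replies come down to the same check: the claim type configured on the role has to be the type under which the group's object ID actually arrives after sign-in. A small diagnostic for that comparison follows, added here as an illustration and not posted by anyone in the thread. The GUID, the claim list and the shape of the mapping objects are constructed placeholders, and `Test-RoleClaimMapping` is a hypothetical helper, not a PowerShell Universal cmdlet.

```powershell
# Constructed sample data: placeholder GUID, not a value from the thread.
$groupId = '00000000-0000-0000-0000-000000000001'

# Claims as the application sees them after sign-in (type/value pairs),
# e.g. copied from the claim information shown for the signed-in user.
$claims = @(
    [pscustomobject]@{ Type = 'name';   Value = 'user@example.com' }
    [pscustomobject]@{ Type = 'groups'; Value = $groupId }
)

# Role-to-claim mappings as configured on the application side (assumed shape).
$roleMappings = @(
    [pscustomobject]@{
        Role       = 'Administrator'
        ClaimType  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
        ClaimValue = $groupId
    }
)

function Test-RoleClaimMapping {
    param(
        [Parameter(Mandatory)] [object[]] $Claims,
        [Parameter(Mandatory)] [object[]] $RoleMappings
    )
    foreach ($map in $RoleMappings) {
        # Claims carrying the expected value under any type. Note that -eq is
        # case-insensitive; the application's own comparison may be stricter.
        $sameValue = @($Claims | Where-Object { $_.Value -eq $map.ClaimValue })
        $exact     = @($sameValue | Where-Object { $_.Type -eq $map.ClaimType })

        # Separate "wrong claim type" from "group ID not emitted at all".
        $status = 'ValueNotInToken'
        if ($exact.Count -gt 0)         { $status = 'Match' }
        elseif ($sameValue.Count -gt 0) { $status = 'TypeMismatch' }

        [pscustomobject]@{
            Role         = $map.Role
            Status       = $status
            ExpectedType = $map.ClaimType
            FoundTypes   = @($sameValue | ForEach-Object Type | Sort-Object -Unique) -join ', '
        }
    }
}

Test-RoleClaimMapping -Claims $claims -RoleMappings $roleMappings | Format-List
```

With the sample data the result is `TypeMismatch`: the group ID is present, but under `groups` rather than the role claim type the mapping expects. `ValueNotInToken` would instead point at the identity provider not emitting the group ID at all.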