How to add AD groups to users id_token (working example)

tmarziano · January 18, 2018, 8:54am

Yes, the groupid in the whitelist is ‘00gdkn3mrkSqcE2n00h7’ which is:

{
    "id": "**00gdkn3mrkSqcE2n00h7**",
    "created": "2018-01-09T23:01:06.000Z",
    "lastUpdated": "2018-01-09T23:01:06.000Z",
    "lastMembershipUpdated": "2018-01-09T23:01:06.000Z",
    "objectClass": [
        "okta:windows_security_principal"
    ],
    "type": "APP_GROUP",
    "profile": {
        "name": "Domain Users",
        "description": "CASUPPORT.support2016.ad.hursley.ibm.com/Users/Domain Users",
        "windowsDomainQualifiedName": "CASUPPORT\\Domain Users",
        "groupType": "Security",
        "groupScope": "Global",
        "samAccountName": "Domain Users",
        "objectSid": "S-1-5-21-2369833120-3074229025-114115762-513",
        "externalId": "rTYxz7hheUK3db9G0StWMg==",
        "dn": "CN=Domain Users,CN=Users,DC=CASUPPORT,DC=support2016,DC=ad,DC=hursley,DC=ibm,DC=com"
    },

The userinfo shows only the OKTA group “ADGROUP”:

userinfo: {"sub":"00udkg9wxf0cMv2E50h7","zoneinfo":"America\/Los_Angeles","email_verified":true,"updated_at":1515539206,"name":"TM1 USER",**"groups"**:**["ADGROUP","Everyone"]**,"preferred_username":"tm1@CASUPPORT.support2016.ad.hursley.ibm.com","locale":"en-US","given_name":"TM1","family_name":"USER","email":"tm1@CASUPPORT.support2016.ad.hursley.ibm.com"}

Post		Replies	Views
Example of adding AD groups to groups claim in access token Questions	12	11953	July 14, 2020
How to get AD groups in id_token? OAuth/OIDC	7	11507	November 26, 2018
AD as whitelist for getFilteredGroups OAuth/OIDC	4	6987	February 14, 2018
How to get AD groups using OIDC with "groups" scope and Regex ".*" groups filter OAuth/OIDC	6	7638	January 13, 2024
AD user not showing any AD groups? OAuth/OIDC	5	7689	November 20, 2018

How to add AD groups to users id_token (working example)

Related topics