
We have two clouds:

  1. GCP for our apps
  2. Azure for user management

I need to set up role-based auth in my GCP-hosted app based on the groups the user is assigned to in Azure Active Directory. So I need to get the AD groups somehow.

The standard setup via IAP and SAML returns the user's email via the `x-goog-authenticated-user-email` header. This is not enough, as I also need the AD groups.

I have found some feature called SAML attribute propagation which sounds like an option but I am not sure. There is no configuration example for this case.

Has anyone ever done that?

Viacheslav Luschinskiy

0 Answers