Microsoft Entra ID groups and roles token claims
The Neptune DXP - Open Edition supports a number of authentication mechanisms, among them Microsoft Entra ID.
Once a user signs in using this authentication method, the system supports the automatic assignment of Neptune DXP - Open Edition security groups and roles in the following ways:
-
Security groups and roles can be specified explicitly to be assigned to the user either only on first sign in or each time.
-
The ID token sent by Microsoft Entra ID can be configured to contain groups and roles claims. If the groups and roles contained in these claims exist in Neptune DXP - Open Edition with the same name, they will be assigned to the current user.
If this approach is used, all existing role and security group assignments for the user will be overwritten by the claim values. This also applies if the groups and roles contained in the token claims don’t exist in the Neptune DXP - Open Edition system.