Enhancement request: Group Membership Zendesk Ticket 69193

[mlovingtwocanoes]

No description provided.

[twocanoes]

allowedIfMemberOfGroup would be an
array of Group IDs and if the Entra ID trying to login is a member of
any of thoses groups they can login regardless (including creating new
local account). If a local account exists but the Entra Id is no longer
part of a group the login should fail.

[twocanoes]

added key allowLoginIfMemberOfGroup

[twocanoes]

pfm_description List of groups that should have members be given local administrator status. Local administrator status can be given on first authentication when account created, or on later sign in of existing user when a group member. Administrator status not removed if group membership later revoked. Set as an Array of Strings of the group identifier. pfm_name allowLoginIfMemberOfGroup pfm_subkeys pfm_name group pfm_type string pfm_title Allow login if member of group. Empty array or not defined does not allow or deny based on group membership pfm_type array

[everetteallen]

pfm_description is not accurate for this key and seems to have borrowed language from the key allowing group to be admin users. Likely should read more like
"List of groups whose members should be allowed to login. If the user is a member of any of these groups they can login regardless (including creating new local account) if authorization succeeds. If a local account exists but the user is no longer
part of a group the login will be denied. "

[everetteallen]

Profile manifest corrected in commit 25bed7f. Closing