I’m very new to this. My organization have a SSO using using PingIdentity which I’m able to call via Identity Provider. So I’m calling it and get a lot of attributes, one of them is a list of memberOf, so a list of group in this kind of format: “CN=CUCM Jabber Users QB,OU=Distribution List,DC=resource,DC=ds,DC=microsoft,DC=com”
Right now, the only way I know how to digest this is to create a Role, then do a regex to match the string it in the Identity Provider Mapper. So the user end-up having that role if the value shows up in the memberOf.
The list of potential group is pretty large and I’m lazy. It seems Keyclock is not really populating role or group with that info. But I believe it does something with this kind of info when using LDAP via User Federation. So what’s the recommended approach. Should I use both LDAP and Identity Provider, and can I really do this?
Maybe the workflow is to connect LDAP, populate all the group, then only use only Identity Provider?