Azure AD nested groups and role assignment in Enterprise Application

As you've discovered, Azure AD currently does not treat nested groups nicely for a variety of situations, and as you have found in the thread that you posted, Microsoft is starting to work on a workaround.
So the question is: how much effort do you want to spend on trying to implement something that will likely be some kind of built-in functionality in the medium term, when Microsoft releases a solution?

There are things you can do, like write a PowerShell script to flatten a group, for example, but you would call that manually. To keep it clean, I would create a parent group for each application registration role. E.g., create a group called app_x_prof or something, put the prof group in there, then flatten that. But that's still pretty manual.

If you really wanted to automate that, there are ways. E.g., you could combine creating app-role-specific groups, adding the nested groups to them, and then periodically running a Power Automate (Flow) that you make, which goes through those specially named groups to grab all the users from the nested groups and copy them to the root group.

It all depends on how much effort and time.
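A sketch of the flattening script described in the answer above, as an added example that is not part of the original post. It assumes the Microsoft Graph PowerShell SDK, the `Group.ReadWrite.All` scope, and a hypothetical `app_` naming prefix for the per-role root groups. It goes one step beyond the answer by also reporting direct members that no nested group accounts for, because a copy-only flatten never removes users who have left the nested groups.

```powershell
# Added example (not from the original post). Run with -Apply to make changes;
# without it the script only reports what it would do.
param(
    [string]$Prefix = 'app_',   # hypothetical naming convention for role root groups
    [switch]$Apply
)

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Return the object ids of members of a given directory object type.
function Get-MemberId($Members, [string]$Type) {
    foreach ($m in $Members) {
        if ($m.AdditionalProperties['@odata.type'] -eq "#microsoft.graph.$Type") { $m.Id }
    }
}

$roots = Get-MgGroup -Filter "startswith(displayName,'$Prefix')" -All
foreach ($root in $roots) {
    $direct      = @(Get-MgGroupMember -GroupId $root.Id -All)
    $directUsers = @(Get-MemberId $direct 'user')
    $childGroups = @(Get-MemberId $direct 'group')

    # Users reachable through the nested groups, at any depth.
    $nestedUsers = @(
        @(foreach ($gid in $childGroups) {
            Get-MemberId @(Get-MgGroupTransitiveMember -GroupId $gid -All) 'user'
        }) | Sort-Object -Unique
    )

    # Nested users that are not yet direct members of the root group.
    $toAdd = @($nestedUsers | Where-Object { $_ -notin $directUsers })
    # Direct users with no nested group behind them: either added by hand or
    # left over from an earlier flatten after they were removed upstream.
    $stale = @($directUsers | Where-Object { $_ -notin $nestedUsers })

    foreach ($id in $toAdd) {
        if ($Apply) { New-MgGroupMember -GroupId $root.Id -DirectoryObjectId $id }
        Write-Output "[$($root.DisplayName)] add user $id"
    }
    foreach ($id in $stale) {
        Write-Warning "[$($root.DisplayName)] direct user $id is in no nested group; review before keeping the role"
    }
}
```

The stale list is only reported, not removed, since the script cannot tell a deliberate direct assignment from a leftover copy.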
