https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44790#M472 <P>Hey,</P><P>My question is when using Azure AD to sign in using SAML is there a way to declare the different groups having access to a certain vlan? So that the group of IT's automatically&nbsp;&nbsp;end up in a certain vlan different from when a user from a different group logs on.</P> Mon, 16 May 2022 14:31:28 GMT dennisvb 2022-05-16T14:31:28Z https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44790#M472 <P>Hey,</P><P>My question is when using Azure AD to sign in using SAML is there a way to declare the different groups having access to a certain vlan? So that the group of IT's automatically&nbsp;&nbsp;end up in a certain vlan different from when a user from a different group logs on.</P> Mon, 16 May 2022 14:31:28 GMT https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44790#M472 dennisvb 2022-05-16T14:31:28Z https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44834#M473 <P>Dennis,</P><P>Yes, this is possible, if you map the group claim attribute, then we can create policies with specific VLANs(or RADIUS attributes) based on those Groups.</P><P>In Azure, there is a limitation of getting the actual group name to come over via SAML. If they used Azure AD Connect Sync 1.2.70.0 or above and bring those groups from On-Premise AD, they will show up with the group name.</P><P>However, if the groups are not brought over from on-premise AD, we can still accomplish the use case but we need to filter based on the Object-ID of the group(i.e.,&nbsp;c8fbf2ba-e5f4-4105-a942-481f396746b3)</P><P>As long as that group claim is mapped to "Group/Affliation Attribute" in SAML config on CP, then we can create a policy like this:<BR /><BR />IF, Group =&nbsp;c8fbf2ba-e5f4-4105-a942-481f396746b3</P><P>&nbsp;</P><P>THEN, VLAN = 1</P><P>&nbsp;</P><P>Let me know if you have questions on this, if you provide your e-mail I can send you some screenshots.</P><P>Thanks,<BR /><BR />Pierce</P><P><BR />Thanks,<BR /><BR />Pierce</P> Wed, 18 May 2022 16:39:18 GMT https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44834#M473 pierce_larsen 2022-05-18T16:39:18Z https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44835#M474 <P>Dennis,<BR /><BR />I uploaded the screens as a ZIP file to Google Drive, let me know I can e-mail them as well:</P><P><A title="ZIP file with screenshot on Google Drive" href="https://drive.google.com/file/d/1YXsK4oaZMTv3g2E4jc_pIege-dZNI6_q/view?usp=sharing" target="_blank" rel="noopener">https://drive.google.com/file/d/1YXsK4oaZMTv3g2E4jc_pIege-dZNI6_q/view?usp=sharing</A>&nbsp;<BR /><BR />Let me know if you have questions.</P><P><BR />Thanks,<BR /><BR />Pierce</P> Wed, 18 May 2022 17:01:31 GMT https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44835#M474 pierce_larsen 2022-05-18T17:01:31Z https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44851#M475 <P>Hi Pierce,</P><P>It sounds clear to me. Already thank you in advance this looks like a helpful solution.<BR />Will try to config it later.</P><P>thanks,<BR />Dennis</P> Thu, 19 May 2022 09:59:57 GMT https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44851#M475 dennisvb 2022-05-19T09:59:57Z https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44860#M476 <P>Not a problem, let me know how if you need any assistance.</P><P>Thanks,<BR /><BR />Pierce</P> Thu, 19 May 2022 20:40:20 GMT https://community.ruckuswireless.com/t5/Cloudpath-Enrollment-System-ES/Cloudpath-and-Azure-AD-SAML-Authentication-with-different-groups/m-p/44860#M476 pierce_larsen 2022-05-19T20:40:20Z