article Azure SAML configuration: Why is a link to the Graph API endpoint returned instead of a group list? in Troubleshooting https://community.dynatrace.com/t5/Troubleshooting/Azure-SAML-configuration-Why-is-a-link-to-the-Graph-API-endpoint/ta-p/236267 <DIV class="lia-message-template-content-zone"> <DIV> <DIV><SPAN>The number of user groups that Azure Active Directory adds to a &nbsp;<A href="http://SAML token is limited to 150" target="_self">SAML token is limited to 150</A></SPAN><SPAN>.&nbsp;</SPAN><SPAN>If this limit is exceeded, a link to the Graph API endpoint is returned instead of a group list. Dynatrace doesn’t support retrieving user groups this way, because it would require additional authentication between Dynatrace and Azure AD.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV><SPAN>If you exceed the 150 limit, consider one of the following options:</SPAN></DIV> <UL> <LI><SPAN>Limit the number of groups that users are assigned to.</SPAN></LI> <LI><SPAN> Configure Azure AD to send only groups assigned to the application.</SPAN></LI> <LI><SPAN>Additionally, configure </SPAN><SPAN><A href="https://docs.dynatrace.com/docs/shortlink/manage-users-groups-with-scim" target="_self">SCIM</A>&nbsp;for group management and user-group assignment.</SPAN></LI> </UL> </DIV> </DIV> Tue, 13 Feb 2024 08:35:10 GMT MalcolmDavidson 2024-02-13T08:35:10Z Azure SAML configuration: Why is a link to the Graph API endpoint returned instead of a group list? https://community.dynatrace.com/t5/Troubleshooting/Azure-SAML-configuration-Why-is-a-link-to-the-Graph-API-endpoint/ta-p/236267 <DIV class="lia-message-template-content-zone"> <DIV> <DIV><SPAN>The number of user groups that Azure Active Directory adds to a &nbsp;<A href="http://SAML token is limited to 150" target="_self">SAML token is limited to 150</A></SPAN><SPAN>.&nbsp;</SPAN><SPAN>If this limit is exceeded, a link to the Graph API endpoint is returned instead of a group list. Dynatrace doesn’t support retrieving user groups this way, because it would require additional authentication between Dynatrace and Azure AD.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV><SPAN>If you exceed the 150 limit, consider one of the following options:</SPAN></DIV> <UL> <LI><SPAN>Limit the number of groups that users are assigned to.</SPAN></LI> <LI><SPAN> Configure Azure AD to send only groups assigned to the application.</SPAN></LI> <LI><SPAN>Additionally, configure </SPAN><SPAN><A href="https://docs.dynatrace.com/docs/shortlink/manage-users-groups-with-scim" target="_self">SCIM</A>&nbsp;for group management and user-group assignment.</SPAN></LI> </UL> </DIV> </DIV> Tue, 13 Feb 2024 08:35:10 GMT https://community.dynatrace.com/t5/Troubleshooting/Azure-SAML-configuration-Why-is-a-link-to-the-Graph-API-endpoint/ta-p/236267 MalcolmDavidson 2024-02-13T08:35:10Z