Just configure your idP to return multiple groups for a user in a SAML 2.0 response. Then setup the groups attribute in the configuration screen :
and it should work. More in our help page:
If that does not answer your question, please provide more details.
Thanks Radoslaw, but that did not answer my question, which was probably not well formatted, but I just fiqured out it by testing.
The answer I was looking for:
You can pass multiple group names inside one attribute value (User group attribute) by separating them with comma-sign (,).
For example Group name 1,Group name 2,Group name 3
And of course group names should match exactly (case sensitive, no extra spacing) with Dynatrace User Group names.
Let me add this info here because I had a rough time configuring the group attribute, and my discovery wasn't documented :
I did create the Dynatrace groups with the exact same name as my Active Directory Groups, and it was still not working (using ADFS for the SSO)
In fact the name of the "user group attribute" in the SAML response was not "gr" nor "group" (as I configured it in ADFS), but it was "http://schemas.xmlsoap.org/claims/group" (yes, the whole url)
So I don't know who is responsible for this behavior, if it's Dynatrace or Microsoft, but at least now it works 🙂