Microsoft Azure returns the group claim in the SAML using an attribute
This happens when the number of groups is very high.
Can Dynatrace handle this scenario.
Eg (with groups.link): - Unable to do SSO with Dyantrace SAAS
I am able to successfully do SSO when the groups are returned as in identity/claims/groups, but not in the above scenario
Eg (with /claims/groups list) - This works for me
According to this part of documentation:
this will not work. https://www.dynatrace.com/support/help/how-to-use-dynatrace/user-management-and-sso/manage-users-and... You're limited to 150 groups.
Thanks @Sebastian K.
From talking to Dynatrace, I think we have following two solution options. I am yet to try either of them, will share progress with the community.
2. Use application roles rather than groups.
This limits the amount of information that needs to go into the token, is more secure, and separates user assignment from app configuration.
Change the Security group claim attribute. Something like this: