Group assignment during OIDC Federation

Firoz Shaik 0 Reputation points
2026-06-29T17:00:49.1733333+00:00

We have a federation with an OIDC IDP from Entra External; the federation is working fine and users are created in the Entra External tenant as members. Once the federation is successful, we have SAML SSO enabled for an Entra enterprise application. During the SAML SSO, the application checks for role assignments through Entra group assignment.

SSO is failing during the very first login because users are not assigned to any security groups, and SSO is working fine after users are assigned to groups, which adds the required roles.

We need to know if there is any way to assign group memberships to users during federation when users are created.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID