The customer is running the portal on 5.2 and is trying to use Azure AD for SSO. They would like to use multiple organizations, which they have listed in their SAML response.
However, they get only one organization when signing on using SSO and do not get access. Is there something that needs to be changed in their SAML response for it to work?
Release: 5.2.1
The SAML response needs to have an attribute that maps the role and organization together, like:
<saml:Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">{organization:org1,role:developer};{organization:org2,role:admin} </saml:AttributeValue>
</saml:Attribute>
In this case you can set a regex to extract the information from this attribute:
{organization:${organization},role:${role}}
But the information needs to be in one attribute, not in multiple attributes.
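To check a captured assertion offline before changing the IdP claim mapping, the following added example (not the portal's own code) parses the memberOf attribute and applies the template above. Treating each ${name} placeholder as a named capture group is an assumption about how the template is interpreted, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample: the attribute from the article, wrapped in the namespace
# declarations a real assertion would carry.
SAMPLE = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">{organization:org1,role:developer};{organization:org2,role:admin} </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""
TEMPLATE = "{organization:${organization},role:${role}}"


def template_to_regex(template):
    """Turn ${name} placeholders into named groups; everything else is literal.
    Assumption: placeholder values contain no ',', ';', '{' or '}'."""
    parts = re.split(r"\$\{(\w+)\}", template)
    out = []
    for i, part in enumerate(parts):  # odd indexes are placeholder names
        out.append(f"(?P<{part}>[^,;{{}}]+)" if i % 2 else re.escape(part))
    return re.compile("".join(out))


def extract_mappings(xml_text, attr_name="memberOf", template=TEMPLATE):
    """Return (mappings, leftover) for the named attribute. leftover holds text
    the template did not match, which points at a malformed value."""
    # Intended for assertions you captured yourself; no signature check is done.
    root = ET.fromstring(xml_text)
    pattern = template_to_regex(template)
    mappings, leftover = [], []
    for attr in root.iter(f"{{{NS}}}Attribute"):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.findall(f"{{{NS}}}AttributeValue"):
            text = value.text or ""
            mappings += [m.groupdict() for m in pattern.finditer(text)]
            rest = pattern.sub("", text).replace(";", "").strip()
            if rest:
                leftover.append(rest)
    return mappings, leftover


if __name__ == "__main__":
    print(extract_mappings(SAMPLE))
```

An assertion that sends organizations and roles in separate attributes yields no mappings here, which matches the requirement that the pairs be carried in one attribute.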