SAML Group logins failing when using Microsoft Entra ID as the identity provider.

Article ID: 385539

Products

VMware Cloud Director

Issue/Introduction

  • VMware Cloud Director (VCD) is configured to use Microsoft Entra ID as a SAML identity provider (IDP).
  • SAML groups from the identity provider have been imported into VCD.
  • Attempting to log into VCD using the Sign in with SAML option fails when logging in as a user in the imported group.
  • Importing the SAML user directly into VCD allows the Sign in with SAML option to succeed.
  • In /opt/vmware/vcloud-director/logs/vcloud-container-debug.log you see the entry below, and the login fails because the user is not part of any group:

    DATE TIME | DEBUG    | pool-jetty-45             | OrgMemberProvider              | Neither user [email protected] nor any of the groups [] of type SAML are imported to org ####-#########-####-########85f9 | requestId=####-#########-####-########6f16,request=POST https://cloud.example.com/login/org/system/saml/SSO/alias/vcd,requestTime=1733843270856,remoteAddress=##.##.##.##:4969,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=text/html application/xhtml+xml application/xml;q 0.9 image/avif image/webp image/apng */*;q 0.8 application/signed-exchange;

Environment

VMware Cloud Director 10.x

Cause

VCD does not receive any value for the group attribute from the IDP because the attribute mappings configured on the IDP are incorrect.
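To confirm on the service-provider side that the IdP is not sending a group attribute, the following added diagnostic (not part of this article or of VMware's code) decodes a base64 SAMLResponse as posted to the VCD /saml/SSO endpoint and lists the assertion attributes; an empty group list matches the "groups []" seen in the log above. Assumptions: the Entra ID default groups claim name, and the constructed sample responses embedded in the block.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Default claim name Entra ID uses for groups (assumption: the name set in the
# IdP attribute mapping, and the name VCD expects, may differ in your tenant).
ENTRA_GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"


def saml_attributes(saml_response_b64: str) -> dict[str, list[str]]:
    """Decode a base64 SAMLResponse (as posted to the VCD /saml/SSO endpoint)
    and return every assertion attribute as name -> list of values.
    Diagnostic only: the XML signature is not verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs: dict[str, list[str]] = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    return attrs


def group_values(saml_response_b64: str, group_attr: str = ENTRA_GROUPS_CLAIM) -> list[str]:
    """Return the group values sent under group_attr. An empty list means the
    IdP sent no group attribute, which VCD logs as 'groups []'."""
    return saml_attributes(saml_response_b64).get(group_attr, [])


def _constructed_response(with_groups: bool) -> str:
    """Build a constructed (not real Entra ID) SAMLResponse, base64-encoded."""
    groups = (
        f'<saml:Attribute Name="{ENTRA_GROUPS_CLAIM}">'
        "<saml:AttributeValue>0000-EXAMPLE-GROUP-ID</saml:AttributeValue>"
        "</saml:Attribute>" if with_groups else ""
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/'
        'ws/2005/05/identity/claims/name"><saml:AttributeValue>user@example.com'
        f"</saml:AttributeValue></saml:Attribute>{groups}"
        "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Assertion with the groups claim mapped, and one where the mapping is missing.
MAPPED_RESPONSE = _constructed_response(True)
UNMAPPED_RESPONSE = _constructed_response(False)
```

Run `group_values()` on the real SAMLResponse captured from the browser POST; if it returns an empty list, the attribute mapping on the IdP side is what needs fixing.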

Resolution

For details on configuring this setting, see the Cloud Director documentation on Configure Your VMware Cloud Director System to Use a SAML Identity Provider.

For a successful VMware Cloud Director integration with an external identity provider, also consult that identity provider's product documentation to determine the correct values and settings and to ensure an accurate configuration.