Following these docs:
Config:
xpack:
security:
authc:
realms:
saml:
saml1:
order: 3
attributes.dn: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
attributes.principal: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
attributes.groups: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
idp.metadata.path: "https://login.microsoftonline.com/UUID/federationmetadata/2007-06/federationmetadata.xml?appid=UUID"
idp.entity_id: "https://sts.windows.net/UUID-e1d-9540-UUID/"
sp.entity_id: "https://elastic-kibana-development.example.com"
sp.acs: "https://elastic-kibana-development.example.com/api/security/saml/callback"
sp.logout: "https://elastic-kibana-development.elastic.com/logout"
Have an app in Azure Entra ID, with a group Named Admins
Created a rolemapping to associate superuser to groups to the Admin group...
When I click kibana SSO.. I go through the Microsoft SSO login process but fails with You do not have permission to access the requested page.
How do I pass the groups form Azure into Elastic role mapping?
Thank you.