I have successfully hooked up SAML to a workplace search cloud instance and can succesfully setup access based on the username and email attributes. I want to however use the groups attribute.
I'm using Azure AD and I have confirmed the attribute is being sent mapped via elasticsearch.yml file: attributes.groups: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
I've been reading I can tap into the attributes using the metadata but I can't seem to work out the correct syntax. Anyone know what the trick is to get this to work?