Mapping groups from AzureAD #13267

nyevess · 2023-07-25T15:45:02Z

nyevess
Jul 25, 2023

Hi community, I'm triying to configure my Netbox 3.4.4 with SSO of AzureAD.
Before that I had it configured via LDAP, and I had my LDAP groups mapped to my config. Now I don't have it and I can't assign permissions to the users.
Do you know how I can map automatically these groups from Azure AD??
Thank you in advance!

Slack Message

Answered by nyevess

Jul 26, 2023

I find the solutions following this:
#9216
Also I'm doing some changes in custom-pipeline, I've declared on "if role ==" name of my Netbox groups that is the same as assigned in AzureAD, and some changes in code. Now it's working for me

custom-pipeline.py

from django.contrib.auth.models import Group

class AuthFailed(Exception):
    pass

def set_role(response, user, backend, *args, **kwargs):
    '''
    Get roles from JWT
    Assign user to netbox group matching role
    Also set is_superuser or is_staff for special roles 'superusers' and 'staff'
    '''
    try:
        roles = response['roles']
    except KeyError:
        user.groups.clear()
        raise AuthFailed("No role assigned…

View full answer

nyevess · 2023-07-26T15:30:45Z

nyevess
Jul 26, 2023
Author

I find the solutions following this:
#9216
Also I'm doing some changes in custom-pipeline, I've declared on "if role ==" name of my Netbox groups that is the same as assigned in AzureAD, and some changes in code. Now it's working for me

custom-pipeline.py

from django.contrib.auth.models import Group

class AuthFailed(Exception):
    pass

def set_role(response, user, backend, *args, **kwargs):
    '''
    Get roles from JWT
    Assign user to netbox group matching role
    Also set is_superuser or is_staff for special roles 'superusers' and 'staff'
    '''
    try:
        roles = response['roles']
    except KeyError:
        user.groups.clear()
        raise AuthFailed("No role assigned")

    try:
        user.is_superuser = False
        user.is_staff = False

        for role in roles:
            if role == 'Read_Netbox':
                user.is_staff = False
                user.save()
                group, created = Group.objects.get_or_create(name=role)
                group.user_set.add(user)
            if role == 'ReadWriteRun_Netbox':
                user.is_staff = False
                user.save()
                group, created = Group.objects.get_or_create(name=role)
                group.user_set.add(user)
            if role == 'Admins_Netbox':
                user.is_staff = True
                user.is_superuser = True
                user.save()
                group, created = Group.objects.get_or_create(name=role)
                group.user_set.add(user)
            else:
                user.save()
                group = Group.objects.get(name='Read_Netbox')
                group.user_set.add(user)

    except Group.DoesNotExist:
        pass

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Mapping groups from AzureAD #13267

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Mapping groups from AzureAD #13267

Uh oh!

nyevess Jul 25, 2023

Replies: 1 comment

Uh oh!

nyevess Jul 26, 2023 Author

nyevess
Jul 25, 2023

nyevess
Jul 26, 2023
Author