FI think one of our customer is doing some close to this.
@fabienne @livio might know more about this
@fabienne @livio might know more about this
FLet me reach out, and see what I get.
Fhei @Herb Where do you need the help? on the side of azure to get those groups, or on how to store them to the user?
FI am not sure how azure AD works, but I would implement it like this:
FAdding an action that calls an endpoint on the azure ad to request the groups of the user
Fhere is an example on how to do an api call: https://github.com/zitadel/actions/blob/main/examples/make_api_call.js
GitHub
ZITADEL Actions - Easy extensibility with custom code. Think GitHub Actions in an Identity System. - zitadel/actions
FAs a next step you take the groups you get there and add it to a claim, you can find an example here: https://github.com/zitadel/actions/blob/main/examples/add_claim.js
GitHub
ZITADEL Actions - Easy extensibility with custom code. Think GitHub Actions in an Identity System. - zitadel/actions
FYes that is the same thing 
FLooks like groups claims are used in the wild more then we are used too 
FHm right, I am just thinking where to store the group information from the azureAD.
Could be user metadata since we do not really have a concept of group ATM.
Could be user metadata since we do not really have a concept of group ATM.
FThis makes sense.
@fabienne I think we should expose the "full" idp response inside the actions so that our users can work with it or how do you see this?
@fabienne I think we should expose the "full" idp response inside the actions so that our users can work with it or how do you see this?