Map Azure AD groups to Portworx Backup roles


This topic explains how to map Azure AD groups to Portworx Backup roles so that users are automatically assigned the required role when they log in, based on the groups claim Azure AD places in their token. The mapping is done in Keycloak, which brokers the Azure AD login for Portworx Backup.

To map Azure AD groups to Portworx Backup roles:

  1. In Azure AD, select App registrations -> All applications tab -> the pxbackup application (the app registration used by Keycloak as the identity provider).

  2. In the pxbackup application page, select Manifest from the left pane and change the groupMembershipClaims parameter from null to "All". With this setting Azure AD adds a groups claim containing the object IDs of all groups the user belongs to (security groups, distribution lists and directory roles); if only security groups should be emitted, "SecurityGroup" is the narrower choice. Note that Azure AD omits the groups claim when a user belongs to more groups than fit in the token (about 200 for JWT tokens) and emits a groups overage indicator instead, in which case the Keycloak mapper below will not match.

    (Screenshot: Modify Manifest parameter)

  3. In Portworx Backup, create the roles that you want to map to Azure AD groups. For more information about creating roles in Portworx Backup, refer to the Add roles procedure.

  4. Log in to Keycloak using administrator credentials.

  5. Select Identity Providers from the left pane, and in the list select Edit on the identity provider that represents Azure AD.

    (Screenshot: Identity provider Edit button)

  6. In the selected identity provider page -> Settings tab, select force from the Sync Mode dropdown list and click Save. With force, Keycloak re-evaluates the mappers on every login, so role assignments follow changes to the user's Azure AD group membership instead of being fixed at first login.

    (Screenshot: Identity provider Sync Mode list)

  7. Select the Mappers tab -> Create.

    (Screenshot: Identity provider Create mapper button)

  8. In the Add Identity Provider Mapper page, specify the following values:

    • Name: A name for the mapper; using the Portworx Backup role name keeps the two consistent.
    • Sync Mode Override: force
    • Mapper Type: Claim to Role
    • Claim: groups
    • Claim Value: The object ID (GUID) of the Azure AD group to map, as shown on the group's page in Azure AD. Azure AD emits object IDs in the groups claim, not display names, so a display name here will never match.
    • Role: The Portworx Backup role to assign to members of that group.

    (Screenshot: Add identity provider mapper)

  9. Click Save.

A Claim to Role mapper maps exactly one group to one role. Repeat steps 7 through 9 for each additional Azure AD group and Portworx Backup role pair you want to map.
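The following is an added example, not code from the Portworx Backup or Keycloak projects, that lets you check the procedure above offline before and after configuring it. It decodes the payload of an Azure AD id_token (without verifying the signature, so it is for inspection only), confirms that the groups claim is present and contains object IDs, flags the groups overage case in which Azure AD replaces the claim with `_claim_names`/`_claim_sources`, emulates the Claim to Role evaluation for a table of group ID to role pairs, and builds the JSON body that the Keycloak admin REST API accepts for the same mapper you create in step 8. The group IDs, role names, identity provider alias and sample tokens are constructed; the mapper type id `oidc-role-idp-mapper` and its config keys are assumed from Keycloak's OIDC Claim to Role mapper and should be checked against your Keycloak version.

```python
"""Check an Azure AD groups claim and emulate Keycloak's Claim to Role mapping
for Portworx Backup roles. Added example; not Portworx or Keycloak code.
All group IDs, role names and tokens below are constructed."""
import base64
import json

# Constructed mapper table: Azure AD group object ID -> Portworx Backup role.
# Each entry corresponds to one Claim Value / Role pair entered in step 8.
GROUP_TO_ROLE = {
    "11111111-2222-3333-4444-555555555555": "px-backup-admin",
    "66666666-7777-8888-9999-aaaaaaaaaaaa": "px-backup-viewer",
}


def _b64url_decode(part: str) -> bytes:
    """base64url decode, restoring the padding JWT segments strip."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def jwt_payload(token: str) -> dict:
    """Decode only the payload segment of a compact JWS. No signature check:
    this inspects what Azure AD put in the token, it does not authenticate it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def groups_from_payload(payload: dict) -> list:
    """Return the group object IDs from the groups claim.
    When a user exceeds Azure AD's per-token group limit the groups claim is
    omitted and _claim_names/_claim_sources point at Microsoft Graph instead.
    Keycloak's Claim to Role mapper cannot follow that, so report it loudly."""
    if "groups" in payload:
        return list(payload["groups"])
    if "groups" in payload.get("_claim_names", {}):
        raise ValueError("groups overage: claim replaced by _claim_sources, "
                         "Keycloak will see no groups claim")
    return []


def roles_for_payload(payload: dict, mapping=GROUP_TO_ROLE) -> set:
    """Emulate one Claim to Role mapper per entry in `mapping`: a role is
    granted when its group object ID appears in the groups claim. With Sync
    Mode force this evaluation is repeated on every login."""
    groups = set(groups_from_payload(payload))
    return {role for gid, role in mapping.items() if gid in groups}


def keycloak_mapper_payload(idp_alias: str, role: str, group_id: str) -> dict:
    """JSON body for
    POST /admin/realms/{realm}/identity-provider/instances/{idp_alias}/mappers
    equivalent to the values entered in step 8. The mapper type id and config
    keys are assumed from Keycloak's OIDC Claim to Role mapper."""
    return {
        "name": role,
        "identityProviderAlias": idp_alias,
        "identityProviderMapper": "oidc-role-idp-mapper",
        "config": {
            "syncMode": "FORCE",
            "claim": "groups",
            "claim.value": group_id,
            "role": role,
        },
    }


def _unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned (alg=none) token for offline testing only."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed sample tokens; not captured from any real tenant.
NORMAL_TOKEN = _unsigned_token({
    "aud": "pxbackup", "preferred_username": "alice@example.com",
    "groups": ["11111111-2222-3333-4444-555555555555",
               "deadbeef-0000-0000-0000-000000000000"],
})
OVERAGE_TOKEN = _unsigned_token({
    "aud": "pxbackup", "preferred_username": "bob@example.com",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.microsoft.com/v1.0/"
                                "users/00000000-0000-0000-0000-000000000000/"
                                "getMemberObjects"}},
})

if __name__ == "__main__":
    print("alice roles:", roles_for_payload(jwt_payload(NORMAL_TOKEN)))
    try:
        roles_for_payload(jwt_payload(OVERAGE_TOKEN))
    except ValueError as exc:
        print("bob:", exc)
    print(json.dumps(keycloak_mapper_payload(
        "azure-ad", "px-backup-admin", "11111111-2222-3333-4444-555555555555"), indent=2))
```

To inspect a real token, paste the id_token Keycloak received from Azure AD into `jwt_payload` and look at `groups_from_payload`: if it raises the overage error, the user is in too many groups for the claim to be emitted and the mapper will never fire for them; if it returns display names rather than GUIDs, the Claim Value you entered in step 8 must be changed to the object ID.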


Last edited: Tuesday, Nov 29, 2022