Azure AD Authentication: Role Assignment #3949

Closed
opened 2026-02-05 07:55:50 +03:00 by OVERLORD · 2 comments

Originally created by @mschoon85 on GitHub (Aug 1, 2023).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi @ssddanbrown,

We are in the process of implementing Azure Active Directory (AD) Authentication, and the progress has been satisfactory thus far. We have successfully created new profiles. Within Azure AD, we have established a group named "AzureTEST". Correspondingly, in BookStack, we've created a role that shares the same name and external ID. However, we are encountering an issue: when a user associated with the "AzureTEST" group logs in, their user profile is created as expected, but the role isn't automatically assigned as intended.

Thus far, we have the following configuration in our ENV file:

AZURE_APP_ID= X
AZURE_APP_SECRET= X
AZURE_TENANT= X
AZURE_AUTO_REGISTER=true
AZURE_GROUP_SYNC=true

Kind regards,

Michel

Exact BookStack Version

23.06.1

Log Content

No response

PHP Version

No response

Hosting Environment

Windows 2022 with Apache

OVERLORD added the 🐕 Support label 2026-02-05 07:55:50 +03:00

@ssddanbrown commented on GitHub (Aug 1, 2023):

Hi @mschoon85,

There is no built-in group sync support for the AzureAD third-party authentication option.
I'm not sure where that AZURE_GROUP_SYNC option has come from.

If everyone would be logging in via AzureAD, then I'd probably recommend using OIDC in BookStack (https://www.bookstackapp.com/docs/admin/oidc-auth/), connected to AzureAD.

I have a video on OIDC with AzureAD here:
https://foss.video/w/n67qNijhf8BdTRQys8SDYf


@ssddanbrown commented on GitHub (Aug 22, 2023):

Since there's been no follow-up I'm going to close this. If you need further help just respond to my previous comment.


Reference: starred/BookStack#3949