When using SAML with Azure in Qlik Sense, the groups in the Azure SAML response contain only the group GUID, not the group name.
Therefore, it is not possible to create security rules with user.environment.group that are based on group names.
Environments:
- Qlik Sense Enterprise 3.2 and higher
This is because Azure can only send the group GUID in the SAML response, not the group name.
Here is the reply from Microsoft regarding this:
"There is no way to have the friendly name inside the SAML response. If you want to have the friendly name, basically what you should do is the following: the Service provider gets the SAML response issued by Azure AD, then the Service Provider should perform a GraphAPI call to Azure AD to retrieve the friendly name of the group based on the objectGUID."
Unfortunately, Qlik Sense (which is the Service Provider in this case) has no way to be set up to resolve Azure group names.
- Create your own program that extracts all the needed group names from Azure, together with the users each group is linked to
- Store this information in an Excel file or a database
- Use a User Directory Connector in Qlik Sense in order to import group information
- You can then create a security rule based on user.group to give access to users.
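The extraction and storage steps above, sketched as an added example (not Qlik or Microsoft code) that turns Graph-shaped group and member data into two tables for import. Group display names in Azure AD are not unique, so the sketch refuses to export a name shared by several GUIDs rather than let a user.group rule grant access to the wrong group. Assumptions: the sample data is constructed, the Qlik user ID is taken to be the userPrincipalName, and the two-table layout (userid, name and userid, type, value) is assumed to be what the User Directory Connector reads.

```python
import csv
import io
from collections import Counter

# Constructed sample data shaped like Microsoft Graph v1.0 responses:
# GROUPS ~ GET /groups?$select=id,displayName ; MEMBERS[id] ~ GET /groups/{id}/members
USER = "#microsoft.graph.user"
G1, G2, G3 = (f"11111111-aaaa-4aaa-8aaa-00000000000{i}" for i in (1, 2, 3))
GROUPS = {"value": [
    {"id": G1, "displayName": "Finance"},
    {"id": G2, "displayName": "Sales"},
    {"id": G3, "displayName": "Sales"},  # different GUID, same friendly name
]}
ALICE = {"@odata.type": USER, "userPrincipalName": "alice@example.com", "displayName": "Alice Example"}
BOB = {"@odata.type": USER, "userPrincipalName": "bob@example.com", "displayName": "Bob Example"}
CAROL = {"@odata.type": USER, "userPrincipalName": "carol@example.com", "displayName": "Carol Example"}
MEMBERS = {
    G1: {"value": [ALICE, BOB]},
    G2: {"value": [BOB, {"@odata.type": "#microsoft.graph.group", "id": G3}]},
    G3: {"value": [CAROL]},
}

def build_tables(groups, members):
    """Return (users, attributes, ambiguous_names) for the import tables."""
    counts = Counter(g["displayName"] for g in groups["value"])
    ambiguous = sorted(name for name, n in counts.items() if n > 1)
    users, attributes = {}, set()
    for g in groups["value"]:
        if g["displayName"] in ambiguous:
            continue  # one name for several GUIDs would merge their access
        for m in members.get(g["id"], {"value": []})["value"]:
            if m.get("@odata.type") != USER:
                continue  # nested groups and other object types are not expanded
            uid = m["userPrincipalName"]  # assumed to match the Qlik user ID
            users[uid] = m.get("displayName") or uid
            attributes.add((uid, "group", g["displayName"]))
    return users, sorted(attributes), ambiguous

def to_csv(header, rows):
    """Serialize one table; assumed layout: users(userid, name), attributes(userid, type, value)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(header)
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    users, attrs, ambiguous = build_tables(GROUPS, MEMBERS)
    print(to_csv(["userid", "name"], sorted(users.items())))
    print(to_csv(["userid", "type", "value"], attrs))
    print("Skipped ambiguous group names:", ambiguous)
```

Skipped names need to be made unique in Azure, or exported by GUID, before a rule can rely on them.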