After following the steps in the official documentation for Azure AD SAML setup via a custom Enterprise Application, I am able to get “signed in” to Checkmk (auto-redirects to my IDP), and upon return I see an empty Checkmk with no hosts or dashboards.
When I try going to the user profile settings, I see this message:
Yep, after creating the account with the SAML user having the same username and email as the user’s SAML UPN (Azure AD), it just says the user account doesn’t exist.
Ok so… the first character of the user’s email domain was being sent over capitalized. Capitalizing it in Checkmk fixed it. The user is correctly logged in with the SAML credential now.
That will depend on the way your IDP works.
I use risk-based policies to deny access to a resource configured on mine.
In essence, what I do is I check after authentication on my IDP if a/the user is a member of a group.
If the user is not part of the group, he/she will get an ‘access denied’ from the IDP for the resource.