Group management

Groups are used to manage users that all need the same access and permissions to resources. Groups from the remote provider can be mapped into local Linux groups for the user.

Note

Groups are currently supported for the msentraid broker.

MS Entra ID

MS Entra ID supports creating groups and adding users to them.

For example, the user authd test is a member of the Entra ID groups Azure_OIDC_Test and linux-sudo:

Azure portal interface showing the Azure groups.

This translates to the following unix groups on the local machine:

~$ groups
[email protected] sudo azure_oidc_test

There are three types of groups:

  1. Primary group: Created automatically based on the user name

  2. Local group: A group local to the machine, mapped from an Azure group whose name is prefixed with linux-. For instance, if the user is a member of the Azure group linux-sudo, they will be a member of the sudo group locally.

  3. Remote group: All the other Azure groups the user is a member of.
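
Because any Entra ID group named with the linux- prefix grants membership of a local group, it is worth reviewing which directory groups map to privileged local groups. The following added example (not authd's own code) models the three group types described above and lists such grants; the user names, the sample directory, the privileged-group set, and the lower-casing of names (taken from the example output above) are assumptions.

```python
LOCAL_PREFIX = "linux-"  # prefix named on this page
# Assumption: local groups this audit treats as privileged; adjust per host.
PRIVILEGED_LOCAL = {"sudo", "adm", "docker", "lxd"}

# Constructed sample: user name -> Entra ID groups the user belongs to.
SAMPLE_DIRECTORY = {
    "user@example.com": ["Azure_OIDC_Test", "linux-sudo"],
    "dev@example.com": ["Developers", "linux-docker"],
    "ops@example.com": ["linux-www-data", "Ops"],
}

def local_target(entra_group):
    """Return the local group an Entra ID group maps to, or None for a remote group."""
    # Assumption: the prefix is compared after lower-casing, so the audit
    # over-reports rather than misses a grant.
    lowered = entra_group.strip().lower()
    if lowered.startswith(LOCAL_PREFIX) and len(lowered) > len(LOCAL_PREFIX):
        return lowered[len(LOCAL_PREFIX):]
    return None

def map_groups(username, entra_groups):
    """Split a user's groups into the primary, local and remote types."""
    mapped = {"primary": username, "local": [], "remote": []}
    for name in entra_groups:
        target = local_target(name)
        if target is not None:
            mapped["local"].append(target)
        elif name.strip():
            # Remote groups appear lower-cased, as in the page's example output.
            mapped["remote"].append(name.strip().lower())
    return mapped

def privileged_grants(directory):
    """List (user, Entra ID group, local group) for every privileged mapping."""
    findings = []
    for user, groups in sorted(directory.items()):
        for name in groups:
            target = local_target(name)
            if target in PRIVILEGED_LOCAL:
                findings.append((user, name, target))
    return findings

if __name__ == "__main__":
    for user, groups in SAMPLE_DIRECTORY.items():
        print(user, map_groups(user, groups))
    for finding in privileged_grants(SAMPLE_DIRECTORY):
        print("privileged grant:", finding)
```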