Is it possible to provision Azure AD group/users automatically to Cloud Services Application Role?
We are working on a project to move Planning on-prem (126.96.36.199) to EPM Cloud (IDCS 21.4.38-2112191315, PBCS 21.12.71). We are looking at having SSO, user and group provisioning integrated from Azure AD to IDCS/PBCS. Our integration partner is working on it but there seems to be an issue.
In IDCS, groups from Azure Group are received (with their users).
In IDCS, users from Azure Users are received (with their groups).
However, it appears that when assigning an Azure AD group (found in IDCS) to an IDCS Cloud Services Application Role, users of the Azure AD group do not get any access. Users of an IDCS group (not coming from Azure AD) do get access. In order for a user coming from an Azure AD group to have access to application, user needs to be assigned manually in IDCS to the application role or user needs to be assigned manually in IDCS to an IDCS group (group not coming from Azure AD).