Customizing Group Membership Checks
To comply with the querying rights set up for your configuration, you can customize how the platform checks if an Active Directory user belongs to a specific Active Directory group.
To do so, add the following secrets in Vault:
| Key Path | Key Name | Key Value |
|---|---|---|
| kv/<environment>/<application>/app-settings | core-setting-adauth-group-query-mode | 1 or 2 |
- Setting the value to 1 uses the `user.GetAuthorizationGroups()` method to retrieve all the groups the user account belongs to, then loops through them to see if the target group is among them.
- Setting the value to 2 uses the `user.IsMemberOf(group)` method to query directly if the user account is part of the target group.
Default value: 1.
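
The two modes side by side, as an added C# sketch that is not the platform's own code. It assumes the methods named above are those of .NET's `System.DirectoryServices.AccountManagement`, a domain-joined Windows host, and constructed account and group names; `AdGroupQueryDemo` and `IsUserInGroup` are hypothetical names.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class AdGroupQueryDemo
{
    // queryMode mirrors core-setting-adauth-group-query-mode (1 or 2).
    public static bool IsUserInGroup(PrincipalContext ctx, string userName, string groupName, int queryMode)
    {
        if (queryMode != 1 && queryMode != 2)
            throw new ArgumentOutOfRangeException(nameof(queryMode), "Expected 1 or 2");
        try
        {
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
            using (var target = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
            {
                if (user == null || target == null) return false; // unknown user or group: deny

                if (queryMode == 2)
                    return user.IsMemberOf(target); // one query about this group; nested groups are not expanded

                // Mode 1: enumerate the user's security groups (resolved recursively by AD)
                // and look for the target. This needs rights to read the user's group data.
                using (var groups = user.GetAuthorizationGroups())
                {
                    foreach (Principal g in groups)
                    {
                        // Compare SIDs rather than names, which can collide across domains.
                        if (g.Sid != null && g.Sid.Equals(target.Sid)) return true;
                    }
                }
                return false;
            }
        }
        catch (PrincipalException)
        {
            return false; // directory lookup failed: fail closed instead of granting access
        }
    }

    public static void Main()
    {
        // "jdoe" and "App-Admins" are constructed sample names.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            Console.WriteLine("mode 1: " + IsUserInGroup(ctx, "jdoe", "App-Admins", 1));
            Console.WriteLine("mode 2: " + IsUserInGroup(ctx, "jdoe", "App-Admins", 2));
        }
    }
}
```

If access is granted through nested groups, the two modes can return different results for the same user, so test the chosen mode against a nested-membership account before rollout.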
In the web.config file, add the `core-setting-adauth-group-query-mode` key in the `<app-settings>` section:
```xml
<app-settings>
  ...
  <add key="core-setting-adauth-group-query-mode" value="1 or 2"/>
  ...
</app-settings>
```