Map Azure AD groups to Portworx Backup roles
This topic explains how to map groups in Azure AD to Portworx Backup user roles so that users are automatically tagged with the required role when they log in.
To map Azure AD groups to Portworx Backup roles:
1. In Azure AD, select App registrations -> All applications tab -> pxbackup application.
2. In the pxbackup application page, select Manifest from the left pane. Modify the groupMembershipClaims parameter value from
3. In Portworx Backup, create roles to map to groups in Azure AD. For more information about creating roles in PX-Backup, refer to the Add roles procedure.
4. Log in to Keycloak using administrator credentials.
5. Select Identity Providers from the left pane, and from the list, select Edit on an Identity Provider.
6. In the selected Identity Provider page -> Settings tab, select force from the Sync Mode dropdown list, and click Save.
7. Select the Mappers tab -> Create.
8. In the Add Identity Provider Mapper page, specify the following values:
   - Name: Enter a role name (consistent with the role name created in Portworx Backup).
   - Sync Mode Override:
   - Mapper Type: Claim to Role
   - Claim Value: The group ID to map, which you can find in the Azure AD group.
   - Role: The role that the user needs to be assigned.
9. Repeat steps 7 and 8 to map more Portworx Backup roles in Azure AD.
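To check a set of mappings before relying on them, the following added example (not part of the Portworx documentation) decodes a constructed, unsigned token and reports which roles the per-group Claim to Role mappers would grant. It assumes Azure AD emits group object IDs in a claim named groups; the group IDs and role names are placeholders.

```python
import base64
import json

# Constructed mapping: Azure AD group object ID -> role name.
# IDs and role names are placeholders, not values from the page.
GROUP_TO_ROLE = {
    "11111111-1111-1111-1111-111111111111": "example-backup-admin",
    "22222222-2222-2222-2222-222222222222": "example-backup-user",
}


def decode_payload(jwt: str) -> dict:
    """Decode a JWT payload without verifying it (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def expected_roles(claims: dict, mapping: dict = GROUP_TO_ROLE) -> dict:
    """Return the roles that one Claim to Role mapper per group would grant."""
    # Azure AD replaces "groups" with an overage pointer (_claim_names) when
    # the user is in too many groups; a claim-value match then finds nothing.
    overage = "groups" in claims.get("_claim_names", {})
    groups = claims.get("groups", [])
    return {
        "roles": sorted(mapping[g] for g in groups if g in mapping),
        "unmapped": sorted(g for g in groups if g not in mapping),
        "overage": overage,
    }


def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


if __name__ == "__main__":
    token = make_sample_jwt({"sub": "alice", "groups": [
        "11111111-1111-1111-1111-111111111111",
        "33333333-3333-3333-3333-333333333333"]})
    print(expected_roles(decode_payload(token)))
```

When overage is true, the token carries a pointer instead of the group list, so no Claim Value can match and the user receives no mapped role at login.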