Moving from LDAP based authentication to Microsoft Entra SSO

Infos:

  • Used Zammad version: 6.5.0-1754564821.39a8ea8a.focal
  • Used Zammad installation type: package
  • Operating system: Ubuntu 20.04.6 LTS
  • Browser + version: varies

Expected behavior:

  • We are currently using LDAP for user accounts / authentication. What I would like to do is move away from that to only using Microsoft Entra SSO. We have ‘Authentication via Microsoft’ already enabled in Settings → Security → Authentication via Microsoft, but we get an error when trying to use this. I think this is expected because of the value of some of the other settings we have which are:
    Automatic account link on initial logon: set to no currently
    No user creation on logon: also set to no (I think this is correct because if we do move to entra sso, we want it to create users when they login via entra).
    Anyway, I am looking for a little guidance here as to whether it is just as simple as enabling automatic account link on initial logon, keeping user creation on logon set to true, and then disabling LDAP. I want to make sure that if I do this it does not affect existing users / agents etc.

I know that after enabling it I will most likely still need to assign roles to newly created users / assign them to groups etc., as we are currently doing that in the LDAP integration via OU-to-role mappings. If this can be reproduced with the Entra SSO configuration to maintain that mapping, that would be great. I couldn't really find any documentation or threads for this ‘migration from LDAP to Entra SSO’ specifically.

Thanks

Actual behavior:

  • Untested

Steps to reproduce the behavior:

  • Have existing LDAP configuration
  • Enable and configure Microsoft Entra authentication + allow account creation on logon + allow account linking on logon
  • Disable the LDAP integration
  • Hopefully at this point Entra SSO works as expected and LDAP is disabled.

We are looking into this too. We want to use Authentication via Microsoft instead of LDAP.
Some guide would be very helpful, especially if users will be affected by this change.
Has anyone tested this yet?

In the end, existing users will be reused based on the identifier (often the email address).

What you need to understand is that without an LDAP sync, the user data will not be synced. The sync happens only once, during the initial user creation (exceptions for existing users exist in some special situations).
The sync via authorization is an open story which is not yet solved.