Admin group user can't log in to SecureAuth0 via browser due to invalid group
Issue
Some Admins can access the SecureAuth0 realm, but some cannot.
Cause
The SecureAuth0 Web Admin console is configured to allow only the members of the "domain admins" group access.
Resolution
Check the "Primary Group" setting on the "Member Of" tab. If the Primary Group is set to "Domain Admins", the "memberof" attribute of the user object cannot be read, and an invalid group message is received when authenticating.
Use Case
 |
On this specific user's AD account profile, the "Set Primary Group" field was selected as the "Admin" group.
Changing it to another group or not selecting any group solved the issue; the user was able to log in to SecureAuth0 via a browser.
Additional Information
Resource to read: