AD groups membership in PowerShell Universal

Hi,

I want to migrate my dashboard (2.9.0) to PowerShell Universal (dashboard 2.9.6).

I have updated the OIDC section in the appsettings file so that my users authenticate through Azure AD SSO.
But on my old dashboard, access rights to pages or features (buttons, actions, etc.) were managed according to their membership in different AD groups.

In version 2.9.6, I don’t see an option to do this sort of thing:

New-UDAuthorizationPolicy -Name "Search User" -Endpoint { 
    param ($User) 

    try { 
        $User.HasClaim("groups", "xxxxx") 
    } catch { 
        $false 
    } 
}

Or:

New-UDPage -Url "user/search" -Title "dashboard" -AuthorizationPolicy "Search User" -Endpoint { 
    #some code 
    if ($Session.AuthorizationPolicies -contains "Reset User Password") {
        #some code
    }
}

How do I handle this in the new version? The roles don’t seem to match my usage.
Or else I have to take the plunge to version 3 but I don’t have the impression that it will be better for me.

Thank you for your advice :slight_smile:

In v3 and PSU, you would do something like this. The concepts for roles\authorization policies are pretty much the same.

New-PSURole -Name "Search User" -Policy { 
    param ($User) 

    try { 
        $User.HasClaim("groups", "xxxxx") 
    } catch { 
        $false 
    } 
}
New-UDPage -Url "user/create" -Title "dashboard" -Role "Search User" -Content { 
    #some code 
    if ($Roles -contains "Reset User Password") {
        #some code
    }
}
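An added example, not part of the original posts and not PowerShell Universal's own code: the role policy from the answer, extended to accept several groups and to deny by default, run against stand-in users. It assumes `$User` behaves like a .NET `ClaimsPrincipal` (only `HasClaim` comes from the thread); the group IDs, the `$SearchUserPolicy` variable and the `New-TestUser` helper are constructed for illustration.

```powershell
# Added example; group object IDs are constructed placeholders.
$SearchUserPolicy = {
    param ($User)

    # Azure AD puts group object IDs (not names) in the "groups" claim.
    $allowedGroups = @(
        '11111111-1111-1111-1111-111111111111'
        '22222222-2222-2222-2222-222222222222'
    )

    try {
        foreach ($id in $allowedGroups) {
            if ($User.HasClaim('groups', $id)) { return $true }
        }
        # No match. This includes tokens where Azure AD left out "groups"
        # because the user is in too many groups: deny by default.
        return $false
    } catch {
        # Any error while reading claims denies access.
        return $false
    }
}

# Hypothetical helper: a stand-in for $User built from constructed claims.
function New-TestUser {
    param ([hashtable[]] $Claims)
    $list = [System.Collections.Generic.List[System.Security.Claims.Claim]]::new()
    foreach ($c in $Claims) {
        $list.Add([System.Security.Claims.Claim]::new($c.Type, $c.Value))
    }
    $identity = [System.Security.Claims.ClaimsIdentity]::new($list, 'Constructed')
    [System.Security.Claims.ClaimsPrincipal]::new($identity)
}

# Constructed test users, one per situation the policy has to handle.
$cases = [ordered]@{
    'member of an allowed group' = New-TestUser @(@{ Type = 'groups'; Value = '22222222-2222-2222-2222-222222222222' })
    'member of another group'    = New-TestUser @(@{ Type = 'groups'; Value = '33333333-3333-3333-3333-333333333333' })
    'groups claim omitted'       = New-TestUser @(@{ Type = '_claim_names'; Value = '{"groups":"src1"}' })
    'no user object'             = $null
}
foreach ($name in $cases.Keys) {
    [pscustomobject]@{ Case = $name; Allowed = (& $SearchUserPolicy $cases[$name]) }
}

# In PowerShell Universal the block goes to the cmdlet shown in the answer:
# New-PSURole -Name "Search User" -Policy $SearchUserPolicy
```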

It works! Thank you.

All that remains is to migrate my old dashboard … :sweat_smile: