Hi there!
We received a request for integrating the file system driver we implement with Azure Active Directory, now called Entra ID. As far as I could understand, the token created during the logon session on Windows using Entra ID carries an extra SID, which can be used to identify the Entra account. However, this token does not include the AADS groups the user belongs to, which we use for resource authorization.
As far as I could read from Microsoft documentation, they offer this REST API for applications to authenticate Entra ID users, but it does not seem to me that this will create or change the user token, so that it would get the user’s AADS groups.
Does anyone have any similar experience with this? Any tip, clue, or documentation I could read to learn more about it?
Thanks in advance,
Fernando.
DriverEntry Kernel Development
http://www.driverentry.com.br