02-19-2025 07:14 AM
Hello,
Is it possible to apply multiple group policies to an AnyConnect user via a SAML group claim? We have a setup similar to this one: https://www.cisco.com/c/en/us/support/docs/security/secure-client-5/221173-configure-dynamic-group-policy-assignmen.html but instead of Okta we are using Azure AD. I know that the article says this setup works only if a user is a member of only one group, but I would like to have users in multiple groups, so that they would get multiple group policies assigned.
02-20-2025 12:09 AM
Your connection profile (aka tunnel-group) can use Azure AD (Entra ID) SAML-based authentication. Your authorization result can then dynamically reassign users to different group-policies depending on their group membership. If they belong to multiple groups, several of which are considered for assignment, then it is a bit tricky. The logic uses an alphabetic first match in that case.
02-20-2025 01:21 AM
Actually, if I have a user in multiple groups, the user is not able to connect to the VPN at all and gets this error: "Login denied, unauthorized connection mechanism, contact your administrator"