Introduction
In Terraform Enterprise/HCP Terraform, users who are members of specific AD groups and are mapped to their respective SSO team IDs are unable to see the workspaces they have been granted access to.
Pre-requisites
- SAML enabled
- ADFS as the identity provider (IdP)
Scenario
User user1 is a member of the AD group AD_Group1, which corresponds to the SSO team ID for team1, a team that has access to workspace1.
However, when user1 logs in via SSO, they are unable to see the workspace.
Group mapping appears to be working correctly for some other users.
Recommendation
Azure AD limits you to 150 group claims in SAML tokens. If you exceed this limit, we recommend that you create a group filter to only include the necessary groups.
Refer to "Configure group claims for applications by using Microsoft Entra ID" for more information.
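To confirm whether an affected user's assertion actually carries the mapped group, the check below (an added example, not HashiCorp's or Microsoft's code) parses a decoded SAML assertion, looks for the SSO team ID in the group attribute, and compares the number of group values against the 150 limit. The attribute name MemberOf, the team ID value, and the sample assertions are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUP_CLAIM_LIMIT = 150  # limit stated in the article


def group_values(assertion_xml, attribute_name):
    """Return the values of the named SAML attribute, or None if it is absent."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iter(f"{{{SAML_ASSERTION_NS}}}Attribute"):
        if attr.get("Name") == attribute_name:
            values = attr.findall(f"{{{SAML_ASSERTION_NS}}}AttributeValue")
            return [(v.text or "").strip() for v in values]
    return None


def diagnose(assertion_xml, attribute_name, sso_team_id):
    """Classify why a user may not be mapped to the expected team.

    Inspection aid for an assertion captured from your own login flow;
    it does not validate the signature or conditions.
    """
    values = group_values(assertion_xml, attribute_name)
    if values is None:
        return "attribute-missing"      # no group claims were sent for this user
    if sso_team_id in values:
        return "team-present"           # mapping data arrived; look elsewhere
    if len(values) >= GROUP_CLAIM_LIMIT:
        return "team-missing-at-limit"  # group list is at the cap; filter groups
    return "team-missing"               # user lacks the group, or it is filtered out


def build_sample(groups, attribute_name="MemberOf"):
    """Build a constructed, unsigned assertion fragment for testing."""
    vals = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    return (
        f'<saml:Assertion xmlns:saml="{SAML_ASSERTION_NS}">'
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{attribute_name}">{vals}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    # Constructed input: 150 unrelated groups, team ID (hypothetical value) absent.
    sample = build_sample([f"AD_Group{i}" for i in range(2, 152)])
    print(len(group_values(sample, "MemberOf")), diagnose(sample, "MemberOf", "team1-sso-id"))
```

Run it against the assertion of a user who can see the workspace and one who cannot, and compare the two results.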