Hello, I’m in a test phase to decide if we use Zero Trust or not.
I’ve already set up the following:
- AzureAD Authentication
- Azure AD SCIM
- Installed a tunnel in our Office Network
- Set up Split Tunnel
Now I created a Private Net Application with 2 basic rules, BlockAll and Allow.
Allow is the first in priority, Block the second.
If I use the Azure AD Group IT-Admins like here, it works.
If I change it to my “AllowStudiostation” AzureAD Group it stops working and I can’t access it. In the log it shows the BlockAll rule got applied for my request now instead of the Allow rule.
When I go to Settings → Authentication → AzureAD → Test I can confirm that my user is in both groups. I deleted some data from the JSON here.
```json
{
  "name": "",
  "email": "",
  "amr": [
    "rsa",
    "mfa"
  ],
  "groups": [
    {
      "id": "",
      "name": "IT-Admins"
    },
    {
      "id": "",
      "name": "HOS-EndpointSettings"
    },
    {
      "id": "",
      "name": "IT"
    },
    {
      "id": "",
      "name": "Admins"
    },
    {
      "id": "",
      "name": "IT Admin Backlog"
    },
    {
      "id": "",
      "name": "IT-Team"
    },
    {
      "id": "",
      "name": "AllowStudiostation"
    },
    {
      "id": "",
      "name": "alle"
    },
    {
      "id": "",
      "name": "AllowVPN"
    }
  ]
}
```
Does anyone have the same problem? Thanks!