Step 6 — Map ExtremeCloud IQ Group to Roles for Entra ID

ExtremeCloud‌ IQ roles must be mapped based on the user group membership that is created in Entra ID to enforce authorization.

As an example, the following groups created in Entra ID, map to ExtremeCloud‌ IQ roles. Users added to these groups are assigned the corresponding role.
Click to expand in new window
Azure - ExtremeCloud IQ User Groups Displayed in Azure
Azure - ExtremeCloud IQ User Groups Displayed in Azure
  1. In ExtremeCloud‌ IQ, go to Global Settings > Enable Single Sign On (SSO).
  2. Select Attribute Mapping.
  3. Select + Add a group name mapping.
  4. Enter the exact group name from Entra ID (for example, XIQ-Operator), and then select Operator from the Select an ExtremeCloud IQ group list.
  5. Build and order the rules based on First Match.
    To reorder the rules, select the reorder rules icon.
    Note

    Note

    If a user is successfully authenticated but is not a member of a defined group, you have the option to deny the user login or you can specify a default catchall Role in which to place the user. For example, Monitor Only.
  6. Select Save and Finish to complete the ExtremeCloud‌ IQ workflow.
9038990-00 Rev AB