How does DHIS2 handle role-based access control when integrated with Azure Active Directory (AAD) for authentication?

When integrating DHIS2 with Azure Active Directory (AAD) for Single Sign-On (SSO), what data about the user is stored in DHIS2 after they log in? Specifically:

  1. Does DHIS2 store any Azure-related information, such as Azure AD group memberships or claims?
  2. If user attributes (e.g., email, name, or roles) are passed from Azure AD during authentication, how does DHIS2 handle or store these attributes?
  3. Are there specific configurations needed in DHIS2 to determine what user information from Azure AD is retained?

Hi @Kenyuri

I haven’t used Azure with DHIS2. Were you able to find answers to the questions you asked?

I believe that this is all based on how it’s being configured, but when it comes to what data is being stored, you can find all and any data by accessing PostgreSQL and using the api/users endpoint.

Thanks!