Provectus Software GmbH

SCA Configuration - SecContacts.AADGroups

SecContacts.AADGroups

This setting defines Azure AD groups to filter which AAD accounts are used as contacts in SCA.

  • Name: SecContacts.AADGroups

  • Value: [{"name":"<AAD group name>", "value":"<AAD group ID>"}]

The Value property is a JSON array of name/value pairs. You can add one or more AAD groups to the array.

  • If there is only a single entry, SCA treats it as the default AAD data source and it replaces the default AAD datasource, which normally includes all AAD contacts.

  • If you want to include all users plus specific groups, add a group containing all AAD users (e.g., All Users) along with the additional groups.

SCA treats each group as an individual data source and assigns it a sequential ID automatically, such as AAD1, AAD2, and so on.

Replace <AAD group name> with the name of the group (e.g., AppMemberGroup) and <AAD group ID> with its Object ID (e.g., 15e3a3d2-50a6-43e3-137e-a44316d0b448).

Optional properties

Property
Type
Description

transitive

string

If true, includes all members of nested groups recursively.

epHomePhone

string

Maps to an extension property in Azure AD for Home Phone.

epPrivateMobilePhone

string

Maps to an extension property in Azure AD for Private Mobile Phone.

Examples

Minimal configuration (single entry)

[
  {
    "name": "AppMemberGroup",
    "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448"
  }
]

With a single entry, SCA treats this group as the default AAD data source, replacing the normal default that includes all AAD contacts.

Single group with optional properties

[
  {
    "name": "AppMemberGroup",
    "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448",
    "transitive": "true",
    "epHomePhone": "HomePhoneCustom",
    "epPrivateMobilePhone": "PrivateMobileCustom"
  }
]

Replace placeholders like <HomePhoneCustom> with the actual name of the corresponding extension property in Azure AD.

Multiple groups (3 groups example)

[
  {
    "name": "AppMemberGroup",
    "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448",
    "transitive": "true"
  },
  {
    "name": "HRGroup",
    "value": "d1a2b3c4-5678-90ab-cdef-1234567890ab"
  },
  {
    "name": "AllUsers",
    "value": "0f1e2d3c-4567-89ab-cdef-9876543210fe"
  }
]

In this example:

  • AppMemberGroup becomes AAD1

  • HRGroup becomes AAD2

  • AllUsers becomes AAD3

Including the AllUsers group ensures that all AAD users remain part of the contacts, in addition to the specific groups.

Optional properties allow SCA to:

  • Include nested group members (transitive: true)

  • Map Azure AD extension properties for Home or Private Mobile numbers (epHomePhone, epPrivateMobilePhone)

This gives full control over which accounts appear as contacts and how their phone numbers are sourced.

Rename SCA data sources to make them clear and understandable for end users

PreviousSCA Configuration - SecContacts.LicensesNextSCA Configuration - SecContacts.ServiceUrls

Last updated

Was this helpful?