AD Group Changes Not Reflecting in Morpheus

Consider a scenario in which a member of an Active Directory (AD) group is associated with a Morpheus role. In the event that this user is transferred to a different AD group, the anticipated outcome is that they will automatically be assigned the role corresponding to the new AD group when they try to log in.

To accomplish this smooth transition, simply deselect the “MANUAL ROLE ASSIGNMENT” option within the IDENTITY SOURCE settings. By taking this action, Morpheus will actively verify the user’s AD group membership and automatically allocate the appropriate role according to their newly updated group affiliation upon login. This simple configuration change streamlines the role assignment process and ensures that users always have the right access privileges.

Thanks,
Amit

4 Likes

Manual Role Assignment should not be necessary for most customers. This allows, as the name states, admins to have AD authentication while manually assigning additional roles to a user after initial login.

The problem with this approach is that Morpheus can no longer assume a user’s group membership is controlling their access in AD and, as @aprat mentioned, will not automatically update as a user moves to other teams.

1 Like