Making an account not allowed to log in via OIDC / SSO if assigned to more than one Azure Directory Group (Role)
Hey! I am using the OIDC module to have users log in via their Microsoft identification. I have connected their accounts to an Azure Directory Group depending on what role in the application they will have (for example Admin, Cashier and Boss). This is working fine!

However, if a user has more than one role assigned to him (for example, he is assigned the roles Boss and Cashier), I want the user not to be able to log in. I also want the user to then reach a page and get the information on why he can't proceed to log in to the application.

I have tried making a count on their list of user roles, and if it is more than one I return an empty account object instead of letting them log in via their Microsoft account. However, this is not a neat solution since the app just crashes for them. Is there a fallback page from the OIDC module I could use, or simply create one myself and put in a microflow that the user could reach instead?