AzureAD Group UUID Mapping

Hey there!

Running the latest self-hosted Retool (and for quite some time now), we've managed mapping AzureAD OIDC groups to Retool groups by leveraging the role mapping environment variables as documented here.

Is there any other way to do this? We have thousands of Active Directory groups and in order to prevent our Retool instance from being littered with a bunch of GUIDs, we have to push out infrastructure updates constantly to keep that environment variable up to date. These environment variables also have finite limits (both in terms of our ECS task definitions and Linux kernel limits), so we can't even fit our AD structure into this mechanism.

I've asked around to various Retool support representatives in the past, and I'm curious if the community has come up with any way of managing this so that we don't have to do a re-deployment each time someone wants to re-structure an application group.

All of our users sign in via AzureAD OIDC.

Hey @Compy! Unfortunately at this time there isn't a way to work around this mapping issue with Azure AD. We have an internal ticket tracking this, and I'll ping the ticket with your feedback / friction using the role mapping env variable. I'll update you here as I get any additional information on its status.