Netscaler Gateway AD Group extraction with Azure SAML Auth

Hello,

We're using Azure SAML Auth on our Netscaler and that part works fine. However, we'd like to continue using AD groups to allow certain users access to the right gateway server. However, with the Azure Auth, the Netscaler no longer has any group information.

I found this instructions ADC using AzureAD SAML login with Groups - Core ADC use cases - Citrix Community , to set up a no-auth LDAP after the Azure Auth. The problem is, users on the LDAP server are identified with just username and in Entra ID it [[email protected]](mailto:[email protected]) . So when the Netscaler sends the [[email protected]](mailto:[email protected]) to the LDAP, the LDAP server just says nope.

Anyone got a way to make this work?