I am sure I am misunderstanding how this all should be set up.
We have configured Portal's identity user and group store to use LDAP. We are able to create groups and link those groups to existing enterprise / AD groups. We are able to create user accounts in bulk via the "Add members based on existing enterprise users" option and by adding members from an enterprise group (i.e., an AD group).
However, when a user logs into Portal (they log in via SAML, not IWA or AD credentials), I was under the impression their account (since the SAML IdP is passing the correct username) would be added to any AD-linked Portal group of which the user should be a member.
Currently that is not happening.
And furthermore, I thought Portal would also automatically update those groups with the correct members every day at midnight, which is also not happening.
Any ideas what could be going on here? Is there some disconnect with the SAML setup for login, and the user/group LDAP identity stores?
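A cross-check for the situation described above, added here as an example; it is not code from the post or from Portal for ArcGIS. It assumes two inputs you pull yourself: the AD group's members (for example from an LDAP search returning sAMAccountName and userPrincipalName) and the linked Portal group's member usernames (for example from the Portal sharing REST API). The sample lists are constructed. The script reports which AD members are absent from the Portal group, which exist only under a different spelling (case, DOMAIN\ prefix, UPN form), which Portal members are not in the AD group, and whether the NameID the SAML IdP sends would match a Portal group member verbatim, which is the first thing to compare when a SAML login does not land in the expected groups.

```python
"""Membership cross-check for an AD-linked Portal group.

Added example, not Portal for ArcGIS code. Inputs are assumed to be
fetched separately (LDAP search for the AD group, Portal REST API for
the Portal group); the sample data below is constructed.
"""
from __future__ import annotations


def normalize_username(name: str) -> str:
    """Reduce the common spellings of one AD identity to a single key.

    Handles DOMAIN\\jdoe, jdoe@corp.example.com and jdoe, and compares
    case-insensitively. AD logins are case-insensitive, but an exact
    string compare in a sync or login flow may not be.
    """
    key = name.strip()
    if "\\" in key:                 # DOMAIN\jdoe -> jdoe
        key = key.rsplit("\\", 1)[1]
    elif "@" in key:                # jdoe@corp.example.com -> jdoe (UPN form)
        key = key.split("@", 1)[0]
    return key.lower()


def classify_members(ad_members: list[dict], portal_usernames: list[str]) -> dict:
    """Compare AD group members with the Portal group's member list.

    Returns four sorted lists:
      present  - sAMAccountName appears verbatim in the Portal group
      spelling - same identity, different spelling: (ad_name, portal_name)
      missing  - AD member with no match at all in the Portal group
      extra    - Portal member who is not in the AD group
    Entries under 'spelling' are the ones to look at first: anything that
    compares strings exactly will not treat those users as members.
    """
    exact = set(portal_usernames)
    by_key = {normalize_username(u): u for u in portal_usernames}
    result: dict = {"present": [], "spelling": [], "missing": [], "extra": []}
    ad_keys = set()
    for m in ad_members:
        sam = m["sAMAccountName"]
        key = normalize_username(sam)
        ad_keys.add(key)
        if sam in exact:
            result["present"].append(sam)
        elif key in by_key:
            result["spelling"].append((sam, by_key[key]))
        else:
            result["missing"].append(sam)
    result["extra"] = [u for k, u in by_key.items() if k not in ad_keys]
    for v in result.values():
        v.sort()
    return result


def match_saml_nameid(name_id: str, portal_usernames: list[str]) -> tuple[bool, str | None]:
    """Check the NameID a SAML assertion carries against the Portal group.

    Returns (exact_match, candidate): exact_match is True only when the
    NameID equals a Portal username verbatim; candidate is the Portal
    username that refers to the same identity under another spelling,
    or None if there is no such user.
    """
    if name_id in portal_usernames:
        return True, name_id
    by_key = {normalize_username(u): u for u in portal_usernames}
    return False, by_key.get(normalize_username(name_id))


# Constructed sample data standing in for the LDAP and Portal query results.
AD_GROUP_MEMBERS = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example.com"},
    {"sAMAccountName": "ASmith", "userPrincipalName": "asmith@corp.example.com"},
    {"sAMAccountName": "bwong", "userPrincipalName": "bwong@corp.example.com"},
]
PORTAL_GROUP_MEMBERS = ["jdoe", "asmith", "clee"]

if __name__ == "__main__":
    report = classify_members(AD_GROUP_MEMBERS, PORTAL_GROUP_MEMBERS)
    for bucket, names in report.items():
        print(f"{bucket:9s} {names}")
    # What the IdP sends is often the UPN, while the LDAP-store username is
    # the sAMAccountName; this shows whether the two agree verbatim.
    for name_id in ("jdoe", "jdoe@corp.example.com", "CORP\\BWong"):
        print(name_id, "->", match_saml_nameid(name_id, PORTAL_GROUP_MEMBERS))
```

Run it with the real query results in place of the sample lists. If the NameID the IdP sends comes back as `(False, "jdoe")`, the identity exists in the group but under a different string than the one presented at login, which is worth checking before looking at the nightly refresh itself.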