8.2 Understanding How Settings Inheritance Works for SecureLogin Groups and Users

The following scenarios describe how settings are inherited when a user is a member of more than one group. Settings can include application definitions, preferences, credentials, and password policies.

Scenario 1

When a user or admin is a member of two groups as follows:

  • Group1: A security group with the user or admin role. Settings are applied to this group.

  • Group2: A security group with the default user role. No specific settings are configured.

In this scenario, the user or admin inherits the settings of Group1, and the settings of Group2 are ignored.

Scenario 2

When a user or admin is a member of two groups as follows:

  • Group1: A security group with the user or admin role. Settings are applied to this group.

  • Group2: A security group without SecureLogin application and roles. No settings are applied.

In this scenario, the user inherits the settings of Group1, and the settings of Group2 are ignored.

Scenario 3

A user or admin is a member of two groups, and both groups have the user or admin role. Settings are applied to both groups.

In this scenario, the user or admin does not inherit any settings from Group1 or Group2. Watch for this scenario when adding users to multiple groups.

Scenario 4

A user or admin is a member of a nested group. For example, Group2 is a member of Group1, and the user is a member of Group2.

In this scenario, Group2 inherits the settings of Group1. However, the user inherits only the settings of Group2.

For example, Group1 has two single sign-on applications, app1 and app2. You apply settings to Group2 that add app3 and app4. After inheriting settings from Group1, Group2 has four applications: app1, app2, app3, and app4. However, the user inherits only app3 and app4.

Azure AD does not support this configuration. When you try to add a member in a nested group, the following message is displayed:

When you assign a group to an application, only users in the group will have access. The assignment does not cascade to nested groups.

For more information, see Manage user assignment for an app in Azure Active Directory.
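
The four scenarios above can be checked against a directory export before users are added to more groups. The following Python sketch is an added example, not SecureLogin code: it models the documented rules and lists users who fall into Scenario 3. All group, user, and application names are constructed, and it assumes that a group counts as configured when it has a role and settings, and that the Scenario 3 rule also applies to more than two such groups.

```python
from dataclasses import dataclass

@dataclass
class Group:
    name: str
    has_role: bool = False              # SecureLogin user or admin role assigned
    settings: frozenset = frozenset()   # settings applied directly to this group
    parent: "Group | None" = None       # group this one is nested in, if any

def group_view(group):
    """Settings visible on the group itself: its own plus its parents' (Scenario 4)."""
    seen, visited = set(), set()
    while group is not None and group.name not in visited:  # guard against cycles
        visited.add(group.name)
        seen |= group.settings
        group = group.parent
    return seen

def effective_settings(direct_groups):
    """Return (settings, reason) for a user, given the groups they belong to directly."""
    configured = [g for g in direct_groups if g.has_role and g.settings]
    if len(configured) > 1:   # Scenario 3: nothing is inherited
        return set(), "conflict: " + ", ".join(g.name for g in configured)
    if not configured:
        return set(), "no configured group"
    # Scenarios 1, 2 and 4: only the directly configured group's own settings
    return set(configured[0].settings), "inherits " + configured[0].name

def audit(memberships):
    """Users who hit Scenario 3 and therefore end up with no settings."""
    return sorted(user for user, groups in memberships.items()
                  if effective_settings(groups)[1].startswith("conflict"))

# Constructed sample directory
G1 = Group("Group1", True, frozenset({"app1", "app2"}))
G2_DEFAULT = Group("Group2-default-role", True)
G2_NO_ROLE = Group("Group2-no-role")
G2_CONFIGURED = Group("Group2-configured", True, frozenset({"app9"}))
G2_NESTED = Group("Group2-nested", True, frozenset({"app3", "app4"}), parent=G1)
MEMBERSHIPS = {
    "alice": [G1, G2_DEFAULT],      # Scenario 1
    "bob":   [G1, G2_NO_ROLE],      # Scenario 2
    "carol": [G1, G2_CONFIGURED],   # Scenario 3
    "dave":  [G2_NESTED],           # Scenario 4
}

if __name__ == "__main__":
    for user, groups in MEMBERSHIPS.items():
        print(user, *effective_settings(groups))
    print("users with no inherited settings:", audit(MEMBERSHIPS))
```

A user reported by `audit` silently loses application definitions and password policies, so resolve the overlap before the membership change is made.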