...
In Microsoft Entra ID, go back to "Microsoft Entra ID" and then to "App registrations".
Find and select the "Vivi" application.
Click "Manifest" to view the JSON configuration.
Find "groupMembershipClaims" and change the value from null to "SecurityGroup" (with quotes).
Continuing in Microsoft Entra ID, go back to the Vivi application from the Enterprise Application list and click "Single sign-on".
For "Logout URL" enter “https://api.vivi.io/api/v1/users/saml_logout/<your organisation id>” and click “Save”,
The following guide from Microsoft shows where this Organisation/Tenant ID can be found: https://docs.microsoft.com/en-us/partner-center/find-ids-and-domain-names
Go back to "Enterprise applications" -> "Vivi" -> "Users and Groups".
Only users and groups explicitly added here will be able to sign in to the Vivi App. You will need an "Object ID" to match each of the Vivi roles.
Nested groups cannot be assigned in Microsoft Entra ID according to Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions
Please ensure that you are only using Security Groups. Distribution Groups and other types of groups are not supported.
Alternatively, you can disable "User assignment required?" in "Vivi" -> "Properties" to allow all users to sign in.
...