Hmm... I'm not able to edit AD Groups in Orgs (I'm still in 2.3.3), or edit AD Groups for builtin Roles.
Could I still use LDAP for Authentication purposes but manage Authorization (assign roles/orgs) within OA?
I'm not able to edit AD Groups in Orgs
You can only edit these fields using Enterprise.
Could I still use LDAP for Authentication purposes but manage Authorization (assign roles/orgs) within OA?
Yes. When editing an LDAP Server entry, set the attribute "Use LDAP for Roles" to No.
You would need to edit the Roles and Orgs and change the "AD Group" attribute.
The ability to edit Roles is an Enterprise feature.
Our LDAP system requires us to prefix our groups to identify ownership. If we pair OA to LDAP, we will have to prefix the Orgs and Roles with something like
ITS-open-audit_orgs_enterprise
orITS-open
-audit_roles_admin
but I don't see a setting where we can customize this.