Nagaraja
Explorer

Security ID based rules

R81 Enhancement:

  • Security ID (SID) support for Identity Awareness - Move users and groups to different LDAP Organizational Units without the need to modify the Access Role Policy.

We can enable SID on the gateway.

How do I create a policy for this?

For example: there are two OUs, 'test.abc.com' and 'test1.abc.com'.

The test.abc.com OU has access to Facebook, as this is the marketing unit.

test1.abc.com has access to financial sites.

User1 belongs to 'test.abc.com' and user2 belongs to 'test1.abc.com'.

I have created the access role for user1 to allow Facebook.

When a user moves from 'test.abc.com' to 'test1.abc.com', how will user1 have access to financial sites, as the access role still matches a policy for 'Facebook'?

Is there anything I am missing?

Is there any white paper released for this?

 

0 Kudos
2 Replies
PhoneBoy
Admin

It affects how roles are matched.
If you defined a role based on test.abc.com then rename it to say test2.abc.com, the role will still match because of the SID.
If you move a user to a different group and that’s how you’ve defined the access role (by group), then the user will be associated with the new role(s) the same as before.
@Royi_Priov am I missing something?

0 Kudos
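
An added illustration of the answer above, not part of the original thread and not Check Point code: a simplified Python model in which an access role records both the DN and the SID of the directory object it references, so the two ways of matching can be compared. The `Entry` and `Role` classes, `roles_for`, and every DN and SID are constructed assumptions.

```python
# Simplified model of access-role matching; not Check Point's implementation.
# All DNs and SIDs below are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class Entry:
    dn: str
    sid: str
    member_of: set = field(default_factory=set)  # SIDs of the user's groups

@dataclass(frozen=True)
class Role:
    name: str
    ref_dn: str   # DN of the referenced object when the role was created
    ref_sid: str  # SID of the referenced object when the role was created

def roles_for(user, groups, roles, by):
    """Names of roles matching the user, comparing references by 'dn' or 'sid'."""
    objs = [user] + [g for g in groups if g.sid in user.member_of]
    if by == "sid":
        current = {o.sid for o in objs}
        return sorted(r.name for r in roles if r.ref_sid in current)
    current = {o.dn.lower() for o in objs}
    return sorted(r.name for r in roles if r.ref_dn.lower() in current)

def scenario():
    mkt = Entry("CN=Marketing,OU=test,DC=abc,DC=com", "S-1-5-21-1-2-3-1101")
    fin = Entry("CN=Finance,OU=test1,DC=abc,DC=com", "S-1-5-21-1-2-3-1102")
    user1 = Entry("CN=user1,OU=test,DC=abc,DC=com", "S-1-5-21-1-2-3-2001", {mkt.sid})
    roles = [Role("Facebook", mkt.dn, mkt.sid), Role("Financial", fin.dn, fin.sid)]
    groups, out = [mkt, fin], {}
    # 1. The Marketing group is moved to another OU: its DN changes, its SID does not.
    mkt.dn = "CN=Marketing,OU=test2,DC=abc,DC=com"
    out["group_moved_dn"] = roles_for(user1, groups, roles, "dn")
    out["group_moved_sid"] = roles_for(user1, groups, roles, "sid")
    # 2. user1 changes department: OU and group membership both change.
    user1.dn = "CN=user1,OU=test1,DC=abc,DC=com"
    user1.member_of = {fin.sid}
    out["user_regrouped_sid"] = roles_for(user1, groups, roles, "sid")
    # 3. A role that references user1 directly follows the user across OUs by SID.
    pinned = [Role("Facebook", "CN=user1,OU=test,DC=abc,DC=com", user1.sid)]
    out["pinned_dn"] = roles_for(user1, groups, pinned, "dn")
    out["pinned_sid"] = roles_for(user1, groups, pinned, "sid")
    return out

if __name__ == "__main__":
    for step, matched in scenario().items():
        print(step, matched)
```

In this model, case 3 is the situation from the question: a role that references user1 directly keeps matching after the OU move, while a role that references a group (case 2) changes with the user's group membership.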
Peter_Thome
Participant

Hello community, any experience with this LDAP_SID feature in production environments?
The configuration does not look too mature to me. Any plans to implement this more resiliently in the Configuration database?

KR, Peter 

0 Kudos
