
Security ID based rules

R81 Enhancement:

  • Security ID (SID) support for Identity Awareness - Move users and groups to different LDAP Organizational Units without the need to modify the Access Role Policy.

We can enable SID on the gateway.

How to create a policy for this?

For example: There are two OUs '' and ''. OU has access to Facebook as this is the marketing unit. has access to financial sites.

User1 belongs to '' and user2 belongs to ''.

I have created the access role for user1 to allow Facebook.

When the user moves from '' to '', how will user1 have access to financial sites, as the access role still matches a policy for 'facebook'?

Is there anything which I am missing?

Is there any white paper released for this?


2 Replies

It affects how roles are matched.
If you defined a role based on then rename it to say, the role will still match because of the SID.
If you move a user to a different group and that’s how you’ve defined the access role (by group), then the user will be associated with the new role(s) the same as before.
@Royi_Priov am I missing something?


Hello community, any experience with this LDAP_SID feature in production environments?
The configuration does not look too mature to me. Any plans to implement this more resiliently in the configuration database?

KR, Peter 
