Question:
I have a question about linking roles to LDAP in MyID. I did some tests in MyID 10.8 U2 and it works as it should, but MyID did NOT add the role for users in an encapsulated group. For example, if I add the role .LIN-All and link it to the Active Directory: all users that are directly in the group .LIN-All get the corresponding role. But if the user is in a sub group, e.g. in .LIN-Alle-Bulle, the role is not applied. Now my question is whether there is any possibility to expand the role inheritance to Active Directory subgroups.
Answer:
The name of the AD group must match the name of the MyID role exactly, so it is not possible to automatically associate members of the .LIN-Alle-Bulle group with the .LIN-All role, even though it is a sub group and not a completely separate group. MyID will treat them as separate groups and does not treat the sub group as a subordinate of the parent group. We see 2 ways you can make this work:
1. Edit members of the .LIN-Alle-Bulle group to also be members of the .LIN-All group, but that will likely make the sub group pointless in AD.
2. You could create a new role called .LIN-Alle-Bulle, base it on the existing .LIN-All role, and link it to the .LIN-Alle-Bulle AD group.
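
Before choosing between the two options, it helps to know which users reach the linked group only through nesting and so do not get the role. The following PowerShell audit is an added example, not part of the original answer and not MyID code; it assumes the ActiveDirectory module (RSAT) is installed and uses the group name from the question.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Group name taken from the question; change it to the AD group linked to the MyID role.
$LinkedGroup = '.LIN-All'

# Direct members only: per the answer above, these are the users matched to the role.
$direct = Get-ADGroupMember -Identity $LinkedGroup
$directUserDns = @($direct | Where-Object objectClass -eq 'user' |
    Select-Object -ExpandProperty distinguishedName)

# Walk nested groups breadth-first, remembering which sub group each user comes from.
$queue   = [System.Collections.Generic.Queue[object]]::new()
$visited = [System.Collections.Generic.HashSet[string]]::new()
$missing = [System.Collections.Generic.List[object]]::new()
$direct | Where-Object objectClass -eq 'group' | ForEach-Object { $queue.Enqueue($_) }

while ($queue.Count -gt 0) {
    $group = $queue.Dequeue()
    # HashSet.Add returns $false for a group already seen (guards against circular nesting).
    if (-not $visited.Add($group.distinguishedName)) { continue }

    foreach ($m in Get-ADGroupMember -Identity $group.distinguishedName) {
        if ($m.objectClass -eq 'group') {
            $queue.Enqueue($m)
        }
        elseif ($m.objectClass -eq 'user' -and $directUserDns -notcontains $m.distinguishedName) {
            # Member of the linked group only through nesting.
            $missing.Add([pscustomobject]@{
                User     = $m.SamAccountName
                ViaGroup = $group.Name
            })
        }
    }
}

# One row per user and sub group: the candidates for option 1 or for a new role under option 2.
$missing | Sort-Object ViaGroup, User -Unique | Format-Table -AutoSize
```

Each distinct value in the ViaGroup column is a sub group that would need either its members added to the linked group directly or its own role, as described in the answer.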