AnsweredAssumed Answered

Nested group based authorization

Question asked by VVK on Jan 15, 2018
Latest reply on Jan 23, 2018 by Hubert Dennis



Need your help with below requirement -

User authorization against nested AD group and sending the parent group details in Header response. In existing setup, I have access policy setup to check authorization against one AD group and have active expression to send out only that AD group name in custom header response. The code application end just look after that AD group name and do further authorization check in their own database to display appropriate pages to end user as per the role.


However lately we found that application team added few AD groups as member of parent AD group which is added in the access policy. Application team wants all users in nested group to have access to their application and they want us to send out the parent group name only(no code changes at their end). To address first requirement of nested group authorization, I enabled "Allow Nested groups" checkbox in allow access policy however it's not authorizing.


Can someone please help with solution to address this?