Symantec Access Management


Is it possible to break an LDAP into groups for multiple risk rulesets?

  • 1.  Is it possible to break an LDAP into groups for multiple risk rulesets?

    Posted Jan 19, 2019 11:12 AM

    When we map an LDAP to an organization in AA, we can only make one ruleset specific to that entire organization. However, there are different users that will need to access applications at different times of the day and from different places. Because there are different groups of users in an LDAP, I want to be able to give specific rulesets for each user group.

     

    For example: In a corporation, Operations may need access to the application 24 hours but only from that office location, while Finance can only access the applications Monday through Friday from 7am to 6pm from the office. All these users coexist inside the same LDAP, but are given different risk rulesets.

     

    Has this been done before? Is it possible to do?



  • 2.  Re: Is it possible to break an LDAP into groups for multiple risk rulesets?

    Broadcom Employee
    Posted Apr 25, 2019 04:19 PM

    Hi Adarian,

     

    You can create two separate organizations for two separate LDAP groups under the same LDAP database. Next, you have separate rulesets for these two LDAP groups that are configured under two separate organizations.

     

    You can also create a custom rule. In the custom rule, you can add a list of users from one of the groups and configure an expression that fulfills your requirement. Similarly, you can create a separate rule in the same ruleset in which you give the list of users from the other LDAP group and create a separate expression according to your need.

     

    Thanks

    Awijit