Comment: Published by Scroll Versions from space IDS and version 8.2

...

  • Group
    Click group name, site or description to edit the group object
  • New Group…
    Create a new group
  • Delete Group / Check box
    Select the groups and click Delete to permanently delete them
  • Move here
    Move a group to this site from another site

Group

Figure 2 shows the group editor where group properties can be edited.

...

  • Name
    The name of the group object
  • Description / Update
    Description of the group object. Click Update to update the description.
  • New
    Create a new group
  • Delete
    Delete this group
  • Rename
    Rename this group

Users

The Users view presents all of the users in the selected group.

...

  • User name
    User name is a link to the user entity
  • Add
    Add a Ubisecure user to this group
  • Remove
    Remove the selected user(s) from this group

Groups

The Groups view presents the static Ubisecure Groups that are members of the selected group.

...

  • Add
    Add a group or groups to this group
  • Remove
    Remove the selected group(s) from this group

Dynamic Members

The dynamic member feature defines the members of a group using rules that are evaluated at run-time. This makes dynamic groups possible, in contrast to "traditional" static groups, where the members of a group are defined one by one, resulting in a static association.

...

  • Filter
    LDAP search filter expression. For example: (objectClass=ubiloginUser). The LDAP search filter syntax is specified by RFC 2254 (http://www.rfc-editor.org/rfc/rfc2254.txt).
  • Extensions
    LDAP URL extension value. Valid Ubisecure SSO extension values are:
    • x-tokengroups
      For Microsoft Active Directory external directories, resolves group membership by reading the TokenGroups operational attribute from the user's object
  • Templates
    Select a template that automatically inputs the default values for the fields above.
    • Users of Ubisecure Site
      The most common use case for dynamic members within the Ubisecure Directory is Users of Ubisecure Site. This use case is implemented by defining the distinguished name of a Ubisecure Site and the search scope one or sub.
      Example: ldap:///ou=Users,cn=Ubilogin,dc=localhost??sub?objectclass=ubiloginUser
      → This adds all users below the Users site as members of the group
    • User in External Directory
      Add a single external user. Specify an LDAP URL where the DN identifies the user and the search scope is base; leave the other fields empty.
      Example: ldap://localhost/uid=user1,ou=users??base
    • Users of External Directory Branch
      Add all users of a directory branch. Specify an LDAP URL where the DN identifies a container and the search scope is one or sub, and optionally define a search filter.
      Example: ldap://localhost/ou=users??one?objectclass=person
    • Members of External Directory Group
      Members of a group defined in external directory. This integration method is available if the group in the external directory has an attribute that lists the members of the group. This integration method does not resolve external dynamic groups or a group including group relationships.
      Specify an LDAP URL where the DN identifies the group, the attribute defines the name of the attribute that lists the members, and the search scope is base.
      Example: ldap://localhost/cn=group1,ou=users?member?base
    • Members of Active Directory Group
      Members of a group defined in Active Directory. This integration method is available for Active Directory external directories. This integration method resolves the transitive group memberships for the given group.
      Specify an LDAP URL where the DN identifies the group, the attribute defines the binary objectSid attribute, the search scope is base, and x-tokengroups is included in the set of extensions.
      Example: ldap://localhost/cn=group1,ou=users?objectSid;binary?base??x-tokengroups
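
The example URLs above all follow the LDAP URL layout ldap://host/dn?attributes?scope?filter?extensions. The following added example (not part of the Ubisecure documentation or product code) splits a dynamic member URL into those fields and names the template its field pattern matches, which helps when reviewing which directory entries a rule will pull into a group. The classify helper is hypothetical, and it assumes that an empty host part refers to the Ubisecure Directory, as in the first example.

```python
from urllib.parse import unquote

# Sample URLs are the examples given in the template list above.
EXAMPLES = [
    "ldap:///ou=Users,cn=Ubilogin,dc=localhost??sub?objectclass=ubiloginUser",
    "ldap://localhost/uid=user1,ou=users??base",
    "ldap://localhost/ou=users??one?objectclass=person",
    "ldap://localhost/cn=group1,ou=users?member?base",
    "ldap://localhost/cn=group1,ou=users?objectSid;binary?base??x-tokengroups",
]

def parse_ldap_url(url):
    """Split ldap://host/dn?attributes?scope?filter?extensions into fields."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = rest.partition("/")
    parts = tail.split("?")
    if len(parts) > 5:
        raise ValueError("too many '?' separated fields: %r" % url)
    parts += [""] * (5 - len(parts))
    dn, attrs, scope, flt, exts = (unquote(p) for p in parts)
    scope = scope.lower() or "base"  # an omitted scope means base (RFC 4516)
    if scope not in ("base", "one", "sub"):
        raise ValueError("invalid scope: %r" % scope)
    return {
        "host": host, "dn": dn,
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope, "filter": flt,
        "extensions": [e for e in exts.split(",") if e],
    }

def classify(url):
    """Hypothetical helper: name the template a URL's field pattern matches."""
    u = parse_ldap_url(url)
    if "x-tokengroups" in u["extensions"]:
        ok = u["scope"] == "base" and u["attributes"] == ["objectSid;binary"]
        return "Members of Active Directory Group" if ok else "invalid x-tokengroups rule"
    if u["scope"] == "base":
        return "Members of External Directory Group" if u["attributes"] else "User in External Directory"
    if not u["host"]:  # assumption: empty host means the Ubisecure Directory
        return "Users of Ubisecure Site"
    return "Users of External Directory Branch"

if __name__ == "__main__":
    for url in EXAMPLES:
        print(classify(url), parse_ldap_url(url))
```

A rule with scope one or sub and an empty filter matches every entry under the DN, so those are the rules to review first.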

Attribute Members

The Attribute Members feature enables defining group memberships based on attributes received during authentication. Users can be mapped to groups dynamically at run-time based on logical queries about the presence or absence of user and method attributes, as well as their values.

...

Note

NOTE: Whitespace may break the precondition syntax; please be careful when using it.

Member Of

The Member Of view presents the static groups that this group is a member of.

...

  • Add
    Add new groups
  • Remove
    Remove the memberships of the selected group(s)

Allowed Applications

The Allowed Applications view presents all the Applications that this group has access to through the Allowed To list association.

...

  • Add
    Add this group to an application's access control list
  • Remove
    Remove this group from the access control list of the selected application(s)

Allowed Methods

By selecting authentication methods for this group, you can configure unregistered users to belong to the selected group. An unregistered user is one whose user identity is stored in an external authentication service.

...

Note

NOTE: Unregistered users represent the user identities stored in external authentication services. By selecting methods in this view, all users authenticated in external authentication services belong to this group.

Authorization

The Authorization view (see Figure 10) presents the Authorization policies associated with the selected group.

...

The authorization policies that are associated with this group can be managed in the site's authorization view. Please refer to the page Manage Authorization Policies.