Mapping external users to local groups
Users, whose login information is managed by Active Directory or LDAP, are defined as dynamic members within Ubisecure SSO. Dynamic members are authorized access to Web Applications by assigning membership to a specific group in Ubisecure Management.
- Navigate to the group that external directory or Active Directory members should be assigned to.
- Select Dynamic Members and create a new definition.
- Enter the protocol and URL of the external directory or Active Directory server.
- Define the DN of the directory-leaf where the members are located in the external directory or Active Directory.
- Define the scope of the LDAP search, this is, select
- "base" for lookups in the parent object's attributes,
- "one" for searching among its child objects or
- "sub" for a recursive search through all of the descendants.
- Either define attributes and extensions as in the figure below or give a filter for the users.
Figure 1. Dynamic Members of a Ubisecure Group |
When this dialog is completed, Ubisecure will assign users from the external directory to the group in the Ubisecure Directory. Furthermore, these members are granted access to all of the resources that the parent group(s) may access, according to the configuration of the web applications.