Affiliate Users
After a user is associated with a consumer object, the assertion generator can create SAML assertions for the user. Then the assertion acts as the user credentials for access to consumer resources.
casso10
HID_affiliate-users-tab
After a user is associated with a consumer object, the assertion generator can create SAML assertions for the user. Then the assertion acts as the user credentials for access to consumer resources.
The page lists the users and groups that are allowed access resources at the consumer site.
This page also includes the following fields and controls:
- Allow Nested GroupsAllowsCA Single Sign-Onto return a user from a group that is nested in another group. Nested groups often occur in complex LDAP deployments.
- AND User/GroupsLets you configure an OR or AND relationship between the users or groups of users. The relationship instructs the Policy Server when to fire the rules included in a policy.For example, you could define the following group relationship in a policy:Authorize if Member of (Accounting AND Marketing AND Collections) OR (Legal AND Finance AND Support) OR (Shipping)The Policy Server only fires the policy when the user is a member of all the groups in the AND relationship or a member of the groups in the OR relationship.
- Add MembersOpens the Users/Groups dialog from where you can add and remove users and groups.
- Add EntryOpens the User Directory Search Expression Editor. The User Directory Search Expression Editor lets you use search expressions to locate users for authentication so the asserting party can generate assertions. Search expressions can bind users to a policy based on attributes that appear in user, group, and organization profiles.