Affiliate Users

After a user is associated with a consumer object, the assertion generator can create SAML assertions for the user. Then the assertion acts as the user credentials for access to consumer resources.
The Users dialog is where you specify the users and groups that can access resources at the consumer. Add users and groups only from directories that are included in the affiliate domain in which the consumer exists.
The page lists the users and groups that are allowed to access resources at the consumer site.
This page also includes the following fields and controls:
  • Allow Nested Groups
    Allows CA Single Sign-On to return a user from a group that is nested in another group. Nested groups often occur in complex LDAP deployments.
  • AND User/Groups
    Lets you configure an OR or AND relationship between the users or groups of users. The relationship instructs the Policy Server when to fire the rules included in a policy.
    For example, you could define the following group relationship in a policy:
    Authorize if Member of (Accounting AND Marketing AND Collections) OR (Legal AND Finance AND Support) OR (Shipping)
    The Policy Server only fires the policy when the user is a member of all the groups in the AND relationship or a member of the groups in the OR relationship.
  • Add Members
    Opens the Users/Groups dialog, where you can add and remove users and groups.
  • Add Entry
    Opens the User Directory Search Expression Editor. The User Directory Search Expression Editor lets you use search expressions to locate users for authentication so the asserting party can generate assertions. Search expressions can bind users to a policy based on attributes that appear in user, group, and organization profiles.
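
The following added example (a model written for this page, not CA Single Sign-On code) shows how the Allow Nested Groups setting and the AND/OR group relationship combine to decide which users qualify for an assertion. The user names, the `Warehouse`, `Logistics`, `LoopA` and `LoopB` groups, and the nesting map are constructed sample data; the policy is the one from the AND User/Groups example above.

```python
# Added illustration: a model of the membership decision, not product code.
from collections import deque

# Policy from the text: an OR of AND-clauses. A clause matches only when
# the user is a member of every group in it.
POLICY = [
    {"Accounting", "Marketing", "Collections"},
    {"Legal", "Finance", "Support"},
    {"Shipping"},
]

# Constructed sample directory data (hypothetical users and groups).
DIRECT_MEMBERSHIP = {
    "alice": {"Accounting", "Marketing"},   # lacks Collections
    "bob": {"Legal", "Finance", "Support"},
    "carol": {"Warehouse"},                 # Warehouse nests under Shipping
    "dave": {"LoopA"},
}
# child group -> parent groups that contain it
NESTED_IN = {
    "Warehouse": {"Logistics"},
    "Logistics": {"Shipping"},
    "LoopA": {"LoopB"},
    "LoopB": {"LoopA"},                     # cyclic nesting, a directory misconfiguration
}

def effective_groups(user, allow_nested):
    """Groups the user counts as a member of, optionally following nesting."""
    groups = set(DIRECT_MEMBERSHIP.get(user, ()))
    if not allow_nested:
        return groups
    queue = deque(groups)
    while queue:
        for parent in NESTED_IN.get(queue.popleft(), ()):
            if parent not in groups:        # visited check also ends cycles
                groups.add(parent)
                queue.append(parent)
    return groups

def is_authorized(user, allow_nested=False, policy=POLICY):
    """True when at least one AND-clause is fully satisfied."""
    groups = effective_groups(user, allow_nested)
    return any(clause <= groups for clause in policy)

def audit(allow_nested):
    """Users who would be eligible for an assertion under this setting."""
    return sorted(u for u in DIRECT_MEMBERSHIP if is_authorized(u, allow_nested))
```

Comparing `audit(False)` with `audit(True)` lists the users who become eligible only through nested membership, which is the set to review before enabling the option.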