SAML Service Provider--User Settings

The Users page is where you specify the users and groups that can be granted access to resources at the Service Provider. The Identity Provider can generate assertions for these users for authentication purposes.
Only add users and groups from directories that are in the affiliate domain in which the Service Provider exists.
The page lists the users and groups that are allowed access to resources at the Service Provider. This page also includes the following fields and controls:
  • Allow Nested Groups
    Allows CA Single Sign-On to return a user from a group that is nested in another group. Nested groups often occur in complex LDAP deployments.
  • AND User/Groups
    Lets you configure an OR or AND relationship between the users or groups of users. The relationship instructs the Policy Server when to fire the rules included in a policy.
    For example, you could define the following group relationship in a policy:
    Authorize if Member of (Accounting AND Marketing AND Collections) OR (Legal AND Finance AND Support) OR (Shipping)
    The Policy Server fires the policy only when the user is a member of all the groups in the AND relationship or a member of the groups in the OR relationship.
  • Add Members
    Opens the Users/Groups dialog, where you can add and remove users and groups.
  • Add Entry
    Opens the User Directory Search Expression Editor. The User Directory Search Expression Editor lets you use search expressions to locate users for authentication so the asserting party can generate assertions. Search expressions can bind users to a policy based on attributes that appear in user, group, and organization profiles.
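
The following added example (not CA Single Sign-On code and not part of the product documentation) models the group relationship quoted under AND User/Groups, together with the effect of Allow Nested Groups, so the outcome for a given user can be checked before the policy is relied on. It assumes that an OR of parenthesized AND clauses authorizes a user who belongs to every group of at least one clause, and that nesting makes a member of an inner group count as a member of the outer group; the groups AP-Clerks, Dock-Staff and Warehouse, the sample users, and all function names are constructed for illustration.

```python
import re

# The group relationship quoted in the AND User/Groups description.
POLICY = ("(Accounting AND Marketing AND Collections) OR "
          "(Legal AND Finance AND Support) OR (Shipping)")

# Constructed sample directory: group -> groups it is nested in (assumption).
NESTED_IN = {"AP-Clerks": {"Accounting"}, "Dock-Staff": {"Warehouse"},
             "Warehouse": {"Shipping"}}

def parse_policy(expr):
    """Split an OR-of-ANDs expression into a list of group-name sets."""
    clauses = []
    for clause in re.split(r"\s+OR\s+", expr.strip()):
        inner = clause.strip()
        if not (inner.startswith("(") and inner.endswith(")")):
            raise ValueError(f"clause must be parenthesized: {clause!r}")
        groups = {g.strip() for g in re.split(r"\s+AND\s+", inner[1:-1])}
        if "" in groups:
            raise ValueError(f"empty group name in {clause!r}")
        clauses.append(groups)
    return clauses

def effective_groups(direct, allow_nested):
    """Direct groups, plus every enclosing group when nesting is allowed."""
    seen = set(direct)
    if not allow_nested:
        return seen
    stack = list(direct)
    while stack:  # 'seen' also stops the walk on a nesting cycle
        for parent in NESTED_IN.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def authorized(direct, allow_nested=False, expr=POLICY):
    """True when the user holds every group of at least one AND clause."""
    member_of = effective_groups(direct, allow_nested)
    return any(clause <= member_of for clause in parse_policy(expr))

if __name__ == "__main__":
    users = {  # constructed sample users and their direct groups
        "alice": {"Accounting", "Marketing", "Collections"},
        "bob": {"Accounting", "Marketing"},
        "carol": {"Dock-Staff"},
        "dave": {"AP-Clerks", "Marketing", "Collections"}}
    for name, groups in users.items():
        print(name, authorized(groups), authorized(groups, allow_nested=True))
```

In this model, a user with only two of the three groups in an AND clause is never authorized, while enabling nested groups widens the set of users who match, which is worth reviewing before turning the option on.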