How can I log in to IAM Modules with a user who has a specific Active Directory Security Group?

Hello,

I tried to use the "Active Directory User Account (manual input)" method, and users can log in to the modules successfully with their AD accounts. But our customer asked how we can control the users' permissions. We don't want every AD user to be able to log in to the modules. Only users who are members of a specific AD security group, which we will create, should be able to log in to the modules. Is it possible to manage the authentication method based on AD security groups? Which authentication method should we use, and with what kind of configuration?

  • One customer's version is 8.1.3 and the other one is 8.1.1. I mean fat clients (Designer, Launchpad, Manager, etc.)

  • Option 1 is to use the program functions ApplicationStart_<Toolname>, for example ApplicationStart_Manager, for this. The drawback is that some of these are already assigned to the ootb permission groups. That means you would have to copy some of the ootb groups and create your custom ones without these functions assigned. Then assign the needed program functions to a permission group and this group to an application role. Then make the membership dynamic.

    Option 2, and I think this is the better one, use the OAuth / OpenID Connect authenticator for the fat client authentication and restrict the groups in the IDP itself.

  • Hello Markus,

    We've enabled OAuth authentication and installed the RSTS certificate properly. But while logging in via OAuth we're getting the error below.

    I've also checked that self-signed certificate is enabled. Thank you for your help.

    Failed to authenticate user.
    An error occurred while sending the request.
    An error occurred while sending the request.
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    The remote certificate is invalid according to the validation procedure.

  • I would like you to create a new thread for this topic or contact support just because this looks like a new topic to me.

    Thank you.
