IT-SHOP - Access

Question

Hi, in oneidentity 8.2.1, is it possible to grant access to IT-Shop to only a subset of users based on the membership of an Active Directory group? Thanks, Roberto

Troy Grandy · Answer

To gain access to the ITShop all the user has to be is active, if they are inactive it will not allow them to authenticate. 
 
 This can be changed, there is a dynamic role on the IT Shop "Identity & Access Lifecycle". This dynamic rule determines who gets access to this shop. You could create a second IT Shop for just this set of users you want or change the dynamic rule for the default IT Shop to only allow users based on ADSGroup membership.

Barry Jackson · Answer

Hi, 
 There is a control in the web.config called: authorization > allow users / deny users. 
 I haven't done it myself but I do recall being told a long time ago that you can use these controls to restrict access by AD group membership. 
 I'll see if I can find the syntax but no promises. 
 HTH, Barry.

Barry Jackson · Answer

I found this but it's from 2015 ..... might be out of date:

Barry Jackson · Answer

This might be more syntactically correct: