Allow Nested LDAP Groups Service Provider Access

LDAP user directories may contain groups nested in other groups. In complex directories, large amounts of user information may be organized in a nested hierarchy.

If you enable a Service Provider to search for users in nested groups, the Policy Server also searches every subgroup nested within a larger group that you add to a policy. If you do not enable nested groups, the Policy Server searches only the single group you specify for the Service Provider.
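The difference between the two settings, as an added Python example that is not taken from the product or from the Policy Server's own code. It models the directory as an in-memory dictionary with constructed DNs and hypothetical helpers `users_in_group` and `is_authorized`, and includes a membership loop to show why a nested search must track the groups it has already visited.

```python
# Added illustration: a simplified in-memory model of an LDAP directory.
# All group and user DNs below are constructed sample data.

# Each group DN maps to its direct members (user DNs or other group DNs).
DIRECTORY = {
    "cn=Engineering,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "cn=Contractors,ou=groups,dc=example,dc=com",
    ],
    "cn=Contractors,ou=groups,dc=example,dc=com": [
        "uid=bob,ou=people,dc=example,dc=com",
        "cn=Engineering,ou=groups,dc=example,dc=com",  # loop back to parent
    ],
}


def users_in_group(group_dn, directory, allow_nested):
    """Return the set of user DNs found when searching group_dn.

    allow_nested=False: only direct user members of the one named group.
    allow_nested=True: also descend into every group nested beneath it.
    """
    users = set()
    visited = set()      # groups already searched; stops membership loops
    pending = [group_dn]
    while pending:
        current = pending.pop()
        if current in visited:
            continue
        visited.add(current)
        for member in directory.get(current, []):
            if member in directory:      # member is itself a group
                if allow_nested:
                    pending.append(member)
            else:
                users.add(member)
    return users


def is_authorized(user_dn, policy_group, directory, allow_nested):
    """True if user_dn is found when the policy's group is searched."""
    return user_dn in users_in_group(policy_group, directory, allow_nested)
```

With nested groups enabled, every member of every subgroup becomes eligible for the Service Provider, so review subgroup membership in the directory before selecting the option.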

To allow the Service Provider to search nested groups in an LDAP user directory:

  1. From the Users tab, select the Allow Nested Groups check box to enable nested group searching for the Service Provider.
  2. If the associated affiliate domain contains more than one user directory, the directories appear as tabs on the Users tab.

