Previous Topic: Excluding a User or Group from Access to a ConsumerNext Topic: Adding Users by Manual Entry

Federation Security Services GuideConfigure SiteMinder as a SAML 1.x ProducerSelect Users for Which the Producer Generates AssertionsAllowing Nested Groups Access to Consumers

Allowing Nested Groups Access to Consumers

LDAP user directories may contain groups that contain sub-groups. In complex directories, groups nesting in a hierarchy of other groups is one way to organize tremendous amounts of user information.

If you enable a search for users in nested groups, any nested group is searched for the requested user record. If you do not enable nested groups, the Policy Server only searches the group you specify, regardless if any nested groups exist.

To allow nested groups from within an LDAP directory

  1. In the Affiliate Properties dialog box, click on the Users tab.

    If the associated affiliate domain contains more than one user directory, the directories appear as tabs on the User tab.

  2. Select the Allow Nested Groups check box to enable nested groups searching for the consumer.