Previous Topic: How to Configure an Authentication and Authorization Directory MappingNext Topic: Configure an AuthValidate Directory Mapping


Configure a Directory Mapping

You can configure a directory mapping to authenticate users against one directory and authorize users against another directory.

To configure a directory mapping

  1. Click Infrastructure, Directory.
  2. Click Auth/Az Mapping, Create Directory Mapping.

    The Create Directory Mapping pane opens.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  3. Select the authentication and authorization directories from the respective lists.
  4. Select the Identical DN or Universal ID option button.

    Important! The directory mapping is successful only if the Universal ID points to a single entry in the authorization directory.

  5. Click Submit.

    The Create Directory Mapping task is submitted for processing.

More information:

Universal IDs

Assign an Authorization Directory to a Realm

You assign a directory mapping to a realm so the Policy Server may authenticate a user in one directory and authorize a user in another directory. The Policy Server uses the authorization directory specified in the realm to authorize users.

To assign a directory mapping to a realm

  1. Open the realm to which you want to assign a directory mapping.
  2. Select the user directory for which the realm should use to authorize an authenticated user from the Directory Mapping list.

    The Default value indicates that there is no directory mapping; the authentication directory will be used as the authorization directory when a user attempts to access a resource in the realm. The list only contains user directories that have been configured as authorization directories in an existing directory mapping.

    Important! You can map only one authorization directory per realm.

  3. Click Submit.

    The Policy Server saves the directory mapping. Users that access the realm authenticate normally and authorize against the directory specified in the realm.

More information:

Configure a Realm

How to Configure an AuthValidate Directory Mapping

AuthValidate Directory Mapping is an extension of Authentication and Authorization Directory Mapping. Both types of directory mapping allow users to authenticate against one user directory and authorize against another user directory. In both cases, the directory mapping type can be further specified as Identical DN or Universal ID.

AuthValidate directory mapping extends Authentication and Authorization directory mapping in three ways: