Hello, I set up the STAS SSO mechanism within a Windows AD domain. It works, but most users belong to more than one group.
I created specific AD groups to manage access through the firewall, so that it would be sufficient to change user AD group membership instead of accessing the fw for the same reason. But I'm unable to have the fw map the correct group. How does it work? I created some AD groups and added the relevant AD users to them. When the STAS registers one user (who is a member of a number of AD groups), the appliance searches for the user in AD, scans group membership and finally chooses one group to import. Unfortunately it is not the intended group. I tried to reorder groups in Sophos, I renamed groups in AD so that they would appear first in alpha order, I set the relevant group to be the primary group for the user... But it doesn't work. How do I drive the appliance to the right group selection? Maybe some AD attributes have to be set?