I have ASG 120 and ASG 220 v 7.509 in 2 offices connected via Site2Site VPN. There is a different domain behind each ASG. There is a 2 way Forest Wide Trust established between the 2 domain's AD.
Recently turned on SSO and HTTP/S Proxy profiles on the domain behind the ASG 120 (the 220 will follow soon) I have 2 AD groups, MereMortals and VIPS, with different filter items and all is working well.
Now I have some PC's at the 120 site that are joining the domain at the 220 site. So it seems that I need to add a 2nd domain to the SSO / Web Proxy config there. I found this kb article that is not very helpful: https://support.astaro.com/support/index.php/Authenticate_multiple_AD_domains_via_SSO
I already have the trust relationship set up, users at either site can access resources on the other domain's servers. The trust is a 2 way Forest Trust, not a External Trust as mentioned in the link, but MS says the External Trust only needs to be used when a Forest Trust is not possible.
My confusion comes with setting up the User Authentication on the ASG. I can only have 1 domain and 1 authentication server on the SSO tab so how can I create user groups that authenticate to the other domain?
Do I just manually create a new group by keying in something like CN=MereMortals,OU=Users,DC=domain2,DC=com? There is no way to do a prefetch so do the users get created when they log on? What happens when the username is the same in both domains?
This thread was automatically locked due to age.
