
Nested Security groups and augmentation

Sep 30, 2016 at 7:50 AM
Augmentation is working great, but people in nested security groups aren't being picked up. Am I doing something wrong on the configuration side?
Oct 3, 2016 at 12:13 PM
Nested groups should also be added in the security token.
Are all groups in the same domain as the user?
Oct 3, 2016 at 1:44 PM
Edited Oct 3, 2016 at 7:43 PM
Thanks for your reply. Yes, they are in the same domain. To clarify further:

I’ve got a user X that’s part of the security group G_ORG_DEPARTMENT_TEAM. Security group G_ORG_DEPARTMENT_TEAM is included in security group G_ORG_DEPARTMENT.

When I give access to group G_ORG_DEPARTMENT the user can’t log in; when I give access to the group G_ORG_DEPARTMENT_TEAM the user can log in.

Using a claims viewer webpart I only see the G_ORG_DEPARTMENT_TEAM claim; when I also add user X to the security group G_ORG_DEPARTMENT I see them both.

Is this expected behaviour?
Oct 4, 2016 at 3:04 PM
No, you should be able to set permissions on group G_ORG_DEPARTMENT. It looks like LDAPCP does not add the group G_ORG_DEPARTMENT in the SAML token during augmentation.
Can you filter on product/area "LDAPCP" and on category "Augmentation" when the user signs in and check if they show anything useful?
Oct 7, 2016 at 10:30 AM

Figured it out, forgot to set the “Select which LDAP path to query for augmentation”. Since I was getting ‘some’ group information I figured it was working. Guess I was wrong. Thanks for the support.

Marked as answer by Yvand on 10/12/2016 at 12:08 AM