AD groups with Single Sign On

Question

I have configured SSO with ping and was able to configure the SAML User successfully with the following format <username>@<doman>

the problem now is that I am trying to configure the SAML groups with the same format and I am able to add them to the webui under SAML Groups <group name>@<domain> but users inside the group fail to authenticate

I configured SSO as followed

Identity provider name: [veritas_configuration]
Identity provider type: [SAML2]
Identity provider user: [userPrincipalName]
Identity provider user groups: [memberOf]
Enabled: [true]

and I am getting userPrincipalName and memberOf in the SAML response in the same format <username/group>@<domain>

x2 · Accepted Answer

Once SSO was setup, I used the WebUI, I had added a SAML group as &lt;group_name&gt;@&lt;full_domain_name&gt; and it worked. The only issue I noticed is that if I use a browser session where I was using SSO with a normal username, it would give me an error. This is because my access to the WebUI/Java console is only via my "admin" account. So make sure the users are using the correct account.
Also, are you able to test SSO using SAML group just for yourself? If that works, there is something on the user's side.
&nbsp;

creativeguitar · Answer

you are correct! The main issue that I was having is that the SP provider was passing me the value "username" in the metadata file. Once they concatenated "@domain" to the username, then it started working.

Forum Discussion

AD groups with Single Sign On

2 Replies

Related Content

Reports grouped by (user added) Host attribute?

Failover Service Group(Parent) on Top of Parallel Service Group(Child)

List volume groups

Regarding service group freeze and offline service group

Many tape dismounts during single duplication job

Recent Discussions

MS-SharePoint policy restore error (2804) .

How to restore a backup

How to configure RBAC

command: bperror

10 years old netbackup appliance database service down, ssl certification out date