Enhance Active Directory User Source to support nested groups | Voters

Enhance Active Directory User Source to support nested groups

complete

d.walters@schenckprocess.com

Instead of assigning Roles based on the user properties, add the ability to search for the roles to be assigned to a particular user.
It could be exactly the same as the role search except it would be used to assign roles to a user.
This would properly assign roles that are configured with nested groups in AD.

March 14, 2018

Chris Nathan

marked this post as

complete

Completed by IGN-5833. To be released in version 8.3.0

Chris Nathan

This feature is complete and will be released in version 8.3.

Timothy Manning

marked this post as

in progress

Douglas Yerger

I have several customers that normally use nested security groups that have been forced to create workflow exceptions for Ignition roles. Ignition should be able to find all roles a user has whether from being a direct member of a group or being part of a nested group.

awalker

marked this post as

under review

Ryan Crownover

Agreed. Currently cannot leverage the memberOf:1.2.840.113556.1.4.1941: style query to get nested groups because Ignition's AD user source config only provides a User Role Attribute, not a User/Role relationship filter.

This has caused repeated headache for role management on the end of large corporate IT departments that are my customers.