Configuring user groups for single sign-on
After you have configured the system to use single sign-on, you can configure user groups to use single sign-on. As with LDAP, you must create remote user groups on the system with names that match the names of the groups on the identity provider.
Using the management GUI
To enable single sign-on for user groups, complete these steps:
- For existing user groups:
  - In the management GUI, select .
  - Select the user group from the left navigation and select . For each user group on the authentication service, a corresponding user group must be created with the same name.
  - On the User Group Properties page, select Single sign-on under Remote Authentication.
  - Click OK.
- For new user groups:
  - Select .
  - On the Create User Group page, enter the following information:
    - Group Name: Enter the name of the group as it is defined in AD FS. The name of the group on the system must match.
    - Ownership Group: If ownership groups are configured on your system, you can select an ownership group for the user group.
    - Remote Authentication: Select Single Sign-on.
    - Role: Select a role for the user group. The role determines the privileges that users are granted when they are assigned to the user group.
  - Click Create.
Using the CLI
To configure user groups for single sign-on, complete these steps:
- For existing user groups:
    chusergrp -remote yes <id or name of group>
- For new user groups for remote users:
    mkusergrp -name <name> -role <role> -remote
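The two CLI cases above can be planned from a group listing before anything is changed. The following is an added example, not IBM's code: it assumes the listing comes from `lsusergrp -delim :` with `name`, `role` and `remote` columns, and every group name and role mapping in it is constructed.

```python
import shlex

# Constructed samples: `lsusergrp -delim :` output (column layout assumed) and IdP group -> intended role.
SAMPLE_LSUSERGRP = """\
id:name:role:remote
0:SecurityAdmin:SecurityAdmin:no
1:Administrator:Administrator:no
2:storage-ops:Administrator:yes
3:Storage-Audit:Monitor:no
4:db-admins:Monitor:no
"""
SAMPLE_IDP_ROLES = {
    "Administrator": "Monitor",
    "backup-ops": "CopyOperator",
    "db-admins": "Monitor",
    "storage-audit": "Monitor",
    "storage-ops": "Administrator",
}

def parse_lsusergrp(text, delim=":"):
    """Parse a delimited listing into {group name: row dict}, keyed by header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split(delim)
    rows = (dict(zip(header, ln.split(delim))) for ln in lines[1:])
    return {row["name"]: row for row in rows}

def plan_sso_groups(listing, idp_roles):
    """Return (commands, warnings) that align system groups with IdP groups."""
    groups = parse_lsusergrp(listing)
    by_lower = {name.lower(): name for name in groups}
    commands, warnings = [], []
    for name, role in sorted(idp_roles.items()):
        row = groups.get(name)
        if row is None and name.lower() in by_lower:
            # Names must match; a case-only difference is left for manual review.
            warnings.append(f"{name}: system group '{by_lower[name.lower()]}' differs by case")
        elif row is None:
            commands.append(f"mkusergrp -name {shlex.quote(name)} -role {shlex.quote(role)} -remote")
        elif row["role"] != role:
            # Enabling SSO here would grant a role other than the intended one.
            warnings.append(f"{name}: system role {row['role']} != intended {role}")
        elif row["remote"] != "yes":
            commands.append(f"chusergrp -remote yes {shlex.quote(name)}")
    return commands, warnings

if __name__ == "__main__":
    cmds, warns = plan_sso_groups(SAMPLE_LSUSERGRP, SAMPLE_IDP_ROLES)
    print("\n".join(cmds + ["# review: " + w for w in warns]))
```

Groups that produce a warning get no command, so an existing group is never switched to remote authentication with a role other than the one intended for the identity provider group.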