Configuring user groups for single sign-on

After you configure the system to use single sign-on, you can configure user groups to use single sign-on. As with LDAP, you must create the remote groups with names that match the names of the groups on the identity provider.

Using the management GUI

To enable single sign-on for user groups, complete these steps:
For existing user groups:
  1. In the management GUI, select Access > Users by Group.
  2. Select the user group from the left navigation and select User Group Actions > Properties. For each user group on the authentication service, a corresponding user group must be created with the same name.
  3. On the User Group Properties page, select Single sign-on under Remote Authentication.
  4. Click OK.
For new user groups:
  1. Select Access > Users by Group > Create User Group.
  2. On the Create User Group page, enter the following information:
    Group Name
    Enter the name of the group as it is defined in AD FS. The name of the group on the system must match.
    Ownership Group
    If ownership groups are configured on your system, you can select an ownership group for the user group.
    Remote Authentication
    Select Single Sign-on.
    Role
    Select a role for the user group. The role determines privileges that users are granted when they are assigned to the user group.
  3. Click Create.

Using the CLI

To configure user groups for single sign-on, complete these steps:
For existing user groups:
chusergrp -remote yes <id or name of group>
For new user groups for remote users:
mkusergrp -name <name> -role <role> -remote
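
Added example (not part of the original documentation): a shell check that compares saved output of lsusergrp -delim : with the identity-provider groups you intend to map, and reports groups that are missing, differ only in letter case, are not enabled for remote authentication, or carry a different role than intended. It assumes the concise lsusergrp view has name, role and remote columns; the sample data, group names, expected-role list and finding labels are constructed for illustration.

```shell
# Constructed sample shaped like the concise output of `lsusergrp -delim :`.
sample_lsusergrp() {
cat <<'EOF'
id:name:role:remote
0:SecurityAdmin:SecurityAdmin:no
1:Administrator:Administrator:no
6:Storage-Admins:Administrator:yes
7:storage-monitors:Monitor:yes
8:Storage-Ops:CopyOperator:no
EOF
}

# Constructed identity-provider groups with the role each is meant to receive.
sample_expected() {
cat <<'EOF'
Storage-Admins:Administrator
Storage-Monitors:Monitor
Storage-Ops:CopyOperator
Storage-Sec:SecurityAdmin
EOF
}

# audit_groups <lsusergrp-output-file> <expected-file>
# Prints one finding per line; prints nothing when every group maps cleanly.
audit_groups() {
  awk -F: '
    NR == FNR {                      # first file: user groups on the system
      if (FNR == 1) { for (i = 1; i <= NF; i++) col[$i] = i; next }
      n = $(col["name"]); role[n] = $(col["role"]); remote[n] = $(col["remote"])
      lower[tolower(n)] = n; next
    }
    {                                # second file: expected group:role pairs
      g = $1; want = $2
      if (!(g in role)) {
        if (tolower(g) in lower) print "CASE_DIFFERS " g " (system has " lower[tolower(g)] ")"
        else print "MISSING " g
        next
      }
      if (remote[g] != "yes") print "NOT_REMOTE " g
      if (role[g] != want) print "ROLE_MISMATCH " g " (has " role[g] ", expected " want ")"
    }
  ' "$1" "$2"
}
```

To use it against a real system, save the lsusergrp -delim : output to a file and pass it as the first argument, with your own group:role list as the second.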