The customer wants only members of a specific group to be configurable as delegated users.
To do so, he added the following rules as user filters in the scope rule:
1. User: condition: Member of = AD Group name
2. User: condition: GroupId = AD Group name.
The user is trying to make only members of a specific AD group configurable as delegated users.
To do so, he added the following rule as a user filter in the scope rule:
User: where( Member of = AD group name )
But it does not work: no users are listed.
How should this be configured so that it works?
The user can specify the AD group in LDAP format, such as cn=ADGroupName, cn=Users, dc=example,dc=com.
The following is a sample configuration for delegated user requests:
1-1. Log in to the Enterprise Management Console as System manager.
1-2. Select Users and Groups > Roles > Privileged Access Roles > Modify Roles.
1-3. Select Privileged Accounts Request Role.
1-4. Choose the Member tab.
1-5. Add the following to the Scope Rule:
User: where ( MemberOf = cn=AD group name, cn=Users, dc=example, dc=com )
Privileged Accounts: Account Name = *
1-6. Click OK and submit.