When IWA is set to BCAAA and we try test configuration for any user it gives "User does not belong to any groups of interest" as below:
In order to resolve this issue please follow the below steps:
1. Go to VPM > Web Authentication Layer and add rule, with rule Source <your choice> -destination <Your choice> - Action = Authenticate with realm as BCAAA & mode Auto.
2. Make sure you have SSL interception enabled.
3. Under the web access layer with rule Source BCAAA:SYMCDEMOS\BCAAA_Users - Rest all fields Any Any & Action = Allow.
4. After making these changes click on “Test Configuration” under Configuration > IWA > IWA servers and you can see the group name. Refer below snippet: