Policy not working with nested AD group
search cancel

Policy not working with nested AD group


Article ID: 259048


Updated On:


CASB Security Advanced CASB Gateway CASB Gateway Advanced CASB Audit


A policy is configured to apply to users in a nested group, or create an exception for users in a nested group. But the policy is not applying properly.

Users and groups are synced to CloudSOC through SpanVA ADSync


If a group does not sync properly through ADSync to CloudSOC, it may not sync again and correct itself through regular automatic syncs. The automatic syncs just sync changes to CloudSOC


Run a Full ADSync from the SpanVA to ensure that the groups are re-synced.

Try associating the user directly to the policy instead of relying on the group association.

To help troubleshoot this further, create a HAR file from the browser while performing the action related to the policy. This HAR file can assist Broadcom Support in troubleshooting the issue.