Restricting access via Socialcast SSO using Active Directory groups (2035687)

Purpose

When using Active Directory with ADFS 2.0 as part of a Socialcast SSO configuration, you may want to authorize only a subset of domain user accounts to access Socialcast.
 
This article provides a sample configuration that can be applied within the SSO flow while retaining the SSO provisioning functionality.

Resolution

To configure ADFS 2.0 so that only a subset of domain user accounts is authorized to access Socialcast:
  1. Launch the ADFS 2.0 Management Tool.
  2. Navigate to ADFS 2.0 > Trust Relationships > Relying Party Trusts.
  3. Right-click the configured Socialcast entry and click Edit Claim Rules.
  4. Click the Issuance Authorization Rules tab.
  5. If you are using a default-deny policy, delete the Permit Access to All Users rule.
  6. Click Add Rule.
  7. Select the Permit or Deny Users Based on an Incoming Claim template and click Next.
  8. Enter a descriptive name for the rule.
  9. Set Incoming claim type to Group SID.
  10. Click Browse and set Incoming claim value to the relevant Active Directory group.
  11. Select the Permit access to users with this incoming claim option and click on Finish.

    Note: If this is a blacklisting group, select the Deny option instead.

  12. Click Apply to activate the new settings.

New sign-in attempts via ADFS are now checked for membership of this group before a valid token is issued. If a user successfully authenticates but is not a member of the specified allowed groups, the user sees a Permission Denied error from the Socialcast system upon loading.
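
To confirm the result of the steps above, the following PowerShell audits the trust's issuance authorization rules. It is an added example, not part of the original article; the trust name "Socialcast" and the group name "Socialcast-Users" are assumed placeholders, and it is meant to run on the ADFS server with the Active Directory module available.

```powershell
# Added example: audit the Issuance Authorization Rules of a relying party trust.
# Assumed names (not from the article): trust "Socialcast", group "Socialcast-Users".
param(
    [string]$TrustName = 'Socialcast',
    [string]$GroupName = 'Socialcast-Users'
)

# AD FS 2.0 ships its cmdlets as a snap-in; later releases load an ADFS module instead.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
Import-Module ActiveDirectory

$permitType = 'http://schemas.microsoft.com/authorization/claims/permit'
$denyType   = 'http://schemas.microsoft.com/authorization/claims/deny'
$sidType    = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid'

$trust = Get-ADFSRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found." }
$sid = (Get-ADGroup -Identity $GroupName).SID.Value

# Each claim rule ends with ';'. Drop @RuleName/@RuleTemplate annotations, then
# split every rule into its condition (left of '=>') and its issuance statement.
$findings = foreach ($rule in ($trust.IssuanceAuthorizationRules -split ';')) {
    $body = ($rule -replace '(?m)^\s*@Rule\w+\s*=.*$', '').Trim()
    if (-not $body) { continue }
    $condition, $action = $body -split '=>', 2
    $effect = 'Other'
    if ($action -like "*$denyType*") { $effect = 'Deny' } elseif ($action -like "*$permitType*") { $effect = 'Permit' }
    # Remove regex escapes so a SID written as S\-1\-5... still matches.
    $plain = $condition -replace '\\', ''
    New-Object PSObject -Property @{
        Effect        = $effect
        Unconditional = (-not $condition.Trim())
        MatchesGroup  = ($plain -like "*$sidType*" -and $plain -like "*$sid*")
    }
}

$permitAll = $findings | Where-Object { $_.Effect -eq 'Permit' -and $_.Unconditional }
$groupRule = $findings | Where-Object { $_.MatchesGroup -and $_.Effect -ne 'Other' }

if ($permitAll) {
    Write-Warning 'Permit-all rule present: every authenticated user is authorized unless a Deny rule matches.'
}
if (-not $groupRule) {
    Write-Warning "No Permit or Deny rule references the Group SID of $GroupName ($sid)."
}
$findings | Format-Table Effect, Unconditional, MatchesGroup -AutoSize
```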
