Restricting access via Socialcast SSO using Active Directory groups (2035687)
This article provides a sample configuration that can be applied within the SSO flow to restrict access by Active Directory group while retaining the SSO provisioning functionality.
- Launch the ADFS 2.0 Management Tool.
- Navigate to ADFS 2.0 > Trust Relationships > Relying Party Trusts.
- Right-click the configured Socialcast entry and click Edit Claim Rules.
- Click the Issuance Authorization Rules tab.
- If you are using a default-deny policy, delete the Permit Access to All Users rule.
- Click Add Rule.
- Select the Permit or Deny Users Based on an Incoming Claim template and click Next.
- Enter a descriptive name for the rule.
- Set Incoming claim type to Group SID.
- Click Browse and set Incoming claim value to the relevant Active Directory group.
- Select the Permit access to users with this incoming claim option and click Finish.
Note: If this is a blacklisting group, select the Deny option instead.
- Click Apply to activate the new settings.
New sign-in attempts via ADFS are now checked for membership of this group before a valid token is issued. If a user successfully authenticates, but is not a member of the specified allowed groups, the user sees a Permission Denied error from the Socialcast system upon loading.
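The same default-deny configuration can be applied from PowerShell on the ADFS 2.0 server. This is an added example, not part of the original article; the trust display name `Socialcast` and the group name `Socialcast-Users` are assumptions to replace with your own values.

```powershell
# Added example: scripted form of the default-deny steps above.
$TrustName = 'Socialcast'         # assumed display name of the relying party trust
$GroupName = 'Socialcast-Users'   # hypothetical AD group that is allowed to sign in

# ADFS 2.0 ships its cmdlets as a snap-in; Get-ADGroup needs the AD module.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
Import-Module ActiveDirectory -ErrorAction Stop

# The authorization rule matches on the Group SID claim, so resolve the SID first.
$sid = (Get-ADGroup -Identity $GroupName -ErrorAction Stop).SID.Value

$trust = Get-ADFSRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found." }

# Save the current authorization rules so the change can be rolled back.
$backup = Join-Path $env:TEMP "$TrustName-authz-rules.bak.txt"
$trust.IssuanceAuthorizationRules | Set-Content -Path $backup -Encoding UTF8

# Permit rule in claim rule language. It is created without a template tag,
# so the management tool lists it as a custom rule.
# For a deny rule, issue .../authorization/claims/deny with the value
# "DenyUsersWithClaim" instead.
$rule = @"
@RuleName = "Permit members of $GroupName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@

# This replaces the whole authorization rule set, which also removes the
# "Permit Access to All Users" rule (the default-deny case in the steps above).
Set-ADFSRelyingPartyTrust -TargetName $TrustName -IssuanceAuthorizationRules $rule

# Read the rules back to confirm that only the group rule remains.
(Get-ADFSRelyingPartyTrust -Name $TrustName).IssuanceAuthorizationRules
```

To roll back, pass the contents of the backup file to `Set-ADFSRelyingPartyTrust -IssuanceAuthorizationRules`.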