Customers using ADFS for Single Sign-On can restrict or permit access to Lifesize Cloud based on a user's group membership. This restriction is configured by adding an "Issuance Authorization Rule" to the Lifesize Cloud Relying Party Trust in the ADFS management console. As an example, the following steps remove the existing "Issuance Authorization Rule" that permits all users and create a new rule that permits only users belonging to the "LifesizeUsers" group.
- Open the AD FS Management Center
- Expand the Trust Relationships folder
- Select the Relying Party Trusts folder
- Right-click the required trust
- Click "Edit Claim Rules"
- Go to the "Issuance Authorization Rules" tab
- Delete the default "Permit Access to All Users" rule
- Click Add Rule
- Select "Permit or Deny Users Based on an Incoming Claim"
- For "Incoming claim type", select "Group SID"
- Click "Browse" next to the Incoming claim value text field
- Select the required group
- You're done!
You can add as many rules as you would like! Just remember that they are processed in order.
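The same change scripted in PowerShell, as an added example that is not part of the original article or Lifesize's own tooling. It assumes the ADFS and ActiveDirectory modules are available on the AD FS server, that the trust uses issuance authorization rules rather than an access control policy, and that the trust's display name is "Lifesize Cloud" (a placeholder; substitute your own).

```powershell
# Assumed values: adjust to your environment.
$trustName = 'Lifesize Cloud'   # placeholder display name of the Relying Party Trust
$groupName = 'LifesizeUsers'    # group used in the steps above

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying Party Trust '$trustName' not found." }

# Keep a copy of the current rules so the change can be rolled back.
$backup = Join-Path $env:TEMP 'authz-rules.bak.txt'
$trust.IssuanceAuthorizationRules | Set-Content -Path $backup

# Resolve the group to its SID; the rule matches on the Group SID claim,
# so renaming the group later does not change who is permitted.
$sid = (Get-ADGroup -Identity $groupName).SID.Value

# Equivalent to the rule written by the
# "Permit or Deny Users Based on an Incoming Claim" template.
$rule = @"
@RuleTemplate = "Authorization"
@RuleName = "Permit $groupName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)$sid`$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@

# This replaces the whole rule set, which also removes the default permit-all rule.
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceAuthorizationRules $rule

# Verify: the permit-all template must be gone and the group SID must be present.
$current = (Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceAuthorizationRules
if ($current -match 'AllowAllAuthzRule') {
    Write-Warning 'The default permit-all rule is still present.'
}
if ($current -notmatch [regex]::Escape($sid)) {
    Write-Warning "No authorization rule references $sid."
}
$current
```

To roll back, pass the contents of the backup file to `Set-AdfsRelyingPartyTrust -IssuanceAuthorizationRules`.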