SSO and ADFS - Permit or Restrict access to the Lifesize Cloud service by Group

Document created by cezi Support on Jun 16, 2017. Last modified by michaelt on Jun 16, 2017.
Version 2

Customers using ADFS for Single Sign-On can restrict or permit access to Lifesize Cloud based on a user's group membership. This is done by adding an "Issuance Authorization Rule" to the Lifesize Cloud Relying Party Trust in the ADFS management console. As an example, the steps below remove the existing "Issuance Authorization Rule" that permits all users and create a new rule that permits only users belonging to the "LifesizeUsers" group.

  • Open the AD FS Management Center


  • Expand the Trust Relationships folder
  • Select the Relying Party Trusts folder


  • Right-click the required trust
  • Click "Edit Claim Rules"


  • Go to the "Issuance Authorization Rules" tab
  • Delete the default "Permit Access To All Users" rule


  • Click Add Rule
  • Select "Permit or Deny Users Based on an Incoming Claim"


  • For Incoming Claim Type, select Group SID
  • Click "Browse" next to the Incoming claim value text field
  • Select the required group


  • You're done!

You can add as many rules as you would like! Just remember that they are processed in order.
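
The same change can be scripted and verified from PowerShell on the ADFS server. This is an added example, not part of the original Lifesize document; the trust display name 'Lifesize Cloud' and the backup path are assumptions to adjust for your environment.

```powershell
# Assumed values: adjust to your environment.
$TrustName = 'Lifesize Cloud'   # assumption: display name of the relying party trust
$GroupName = 'LifesizeUsers'    # group used in the article's example
$Backup    = Join-Path $env:TEMP 'lifesize-authz-rules.bak.txt'   # hypothetical backup path

Import-Module ADFS

# The rule matches on the Group SID claim, so resolve the group name to its SID.
$sid = ([System.Security.Principal.NTAccount]$GroupName).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found." }

# Keep a copy of the current rules so the change can be rolled back.
$trust.IssuanceAuthorizationRules | Set-Content -Path $Backup -Encoding UTF8

# Claim rule text equivalent to the "Permit or Deny Users Based on an
# Incoming Claim" template with Group SID as the incoming claim type.
$template = @'
@RuleTemplate = "Authorization"
@RuleName = "Permit {GROUP}"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i){SID}$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
'@
$rule = $template.Replace('{GROUP}', $GroupName).Replace('{SID}', $sid)

# Setting the rule set replaces it, which also removes the default
# "Permit Access To All Users" rule.
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceAuthorizationRules $rule

# Verify: a leftover permit-all rule would still admit every user.
$after = (Get-AdfsRelyingPartyTrust -Name $TrustName).IssuanceAuthorizationRules
if ($after -match 'AllowAllAuthzRule' -or $after -match 'Value\s*=\s*"true"') {
    Write-Warning 'A permit-all authorization rule is still present.'
} else {
    "Access to '$TrustName' is limited to $GroupName ($sid)."
}
```

To roll back, pass the contents of the backup file to `Set-AdfsRelyingPartyTrust -IssuanceAuthorizationRules`.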
