Although user group information expires based on your configuration, this information is stored in the system once you have associated the respective user groups with a security policy. However, the user group information will be deleted when you remove the respective security policy. In addition, if the IdP in your authentication profile renames a user group or deletes one, you must resynchronize the user groups to get the latest information.
To retrieve user group information from an IdP, complete the following on the User Group Sync tab:
- Authentication Profile: Choose an enabled authentication profile you want to use to retrieve user groups. Only enabled profiles are available for selection. Complete the following:
- Admin Token: This is the authorization token from the IdP. Depending on the IdP you have selected in the authentication profile, refer to the respective vendor documentation on how to acquire an admin or API token.
- IdP Domain: This is the IdP domain.
- Expiration: Choose the time duration you want the system to keep the user group information. The default is 48 hours.
- Click Sync. When the synchronization is complete, available user groups are displayed in the Synced User Groups panel.
The synchronized user groups are now available when you configure security policies. For information about security policies, see Configuring Security Policies.
The Synced User Groups panel displays the following information:
- User Group: The name of the user group.
- Profile: The name of the authentication profile used to retrieve the user group.
- Identity Provider: The IdP used to retrieve the user group information.
- Expires At: The date and time when the user group information expires.
For more information about access authentication, see the following:
This page has no comments.