Hi All,

NAM: 3.2.1

I'm trying to offer desktop sso, using a AD kerberos login contract,
whilst sending roles which are based off an eDirectory instance.

In more confusing detail , I have a policy to activate a role, based
off group memberships in our eDirectory instance. If you have the
specific group membership, activate role ADMIN etc. I can offer a
username / password login, using the same eDirectory instance, and the
roles are applied successfully as expected.

I would like to however, provide a desktop sso / kerberos option, whilst
still having the option of sending the role, using the same group
memberships in our eDirectory instance.

Is this possible? Is there any documentation which you can link to?

Thanks in advance, and sorry for the confusing question as I'm still
trying to get my head around it all...

gbatty1's Profile: https://forums.netiq.com/member.php?userid=2072
View this thread: https://forums.netiq.com/showthread.php?t=49815