RapidIdentity Administrators' and Users' Guide

QRC - Configure Nested Groups through Portal Roles

Portal Roles can be configured to dynamically sync the members of nested groups. For Active Directory, nested groups are supported by creating a dynamic Role that uses the "memberOf" attribute.

In the following example, the "Dynamic Nested Role" will sync members of the group CN=Staff,OU=Groups,DC=idauto,DC=lab.

1. Under Portal > Roles, create a new Role with the appropriate values.

2. Open the Role and click on the "Edit Role" button. Then, click on the "Dynamic" tab.

3. Add the LDAP filter: (memberOf=<dn of nested group>).

4. Once editing is completed, click on the "Save" button.
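
The filter from step 3 can be built and checked before it is pasted into the "Dynamic" tab. The following is an added example, not RapidIdentity code: the helper names are hypothetical, and it assumes the field takes a standard RFC 4515 filter string.

```python
# Added example: helper names are hypothetical, not part of RapidIdentity.

# RFC 4515 section 3: these characters must be written as \XX inside an
# assertion value. Backslash matters for DNs such as "CN=Smith\, Jo,...".
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_dn: str) -> str:
    """Build the (memberOf=<dn>) filter used on the Role's Dynamic tab."""
    if not group_dn.strip():
        raise ValueError("group DN is empty")
    return "(memberOf=" + escape_filter_value(group_dn) + ")"


def filter_problems(ldap_filter: str) -> list:
    """Return structural problems found in a filter string (empty if none)."""
    problems = []
    depth = 0
    # Literal parentheses inside values are escaped as \28 and \29, so every
    # raw parenthesis left in a valid filter is structural and must pair up.
    for pos, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append(f"unmatched ')' at offset {pos}")
                depth = 0
    if depth > 0:
        problems.append(f"{depth} unclosed '('")
    if not ldap_filter.startswith("("):
        problems.append("filter does not start with '('")
    return problems


if __name__ == "__main__":
    # DN taken from the example on this page.
    good = member_of_filter("CN=Staff,OU=Groups,DC=idauto,DC=lab")
    print(good, filter_problems(good))
    # Constructed DN containing characters that need escaping.
    print(member_of_filter(r"CN=Staff (EU)\, Ops,OU=Groups,DC=idauto,DC=lab"))
    # Constructed malformed input: closing parenthesis left off.
    print(filter_problems("(memberOf=CN=Staff,OU=Groups,DC=idauto,DC=lab"))
```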
