History
Working with Policy Manager Administrators have the ability to setup custom Authentication Policies.
Authentication Policies could be configured with Directory Manager > Groups. These Groups could be Sync'd from Active Directory or be local to Passly.
Problem
Passly does not update Group names dynamically in Authentication Policies if the name of the group is changed.
If you change the name of Group/Organization locally or via AD, the name change is not applied to Authentication Policy.
This happens when you have an Authentication policy that is set for your organization, endpoint, etc. This Authentication policy has the criteria ‘is member of a group’ or ‘is not a member of a group’ and you change:
- The name of the appropriate group in the Directory manager -> Groups tab;
- The name of the the organization that contains your group in the Directory manager -> Organizations tab.
In both cases, the group name will be displayed with the old group/organization name and Authentication Policy will work different because the names will not match.
Resolution
Resolving this problem includes the following steps:
- Navigate to Authentication in Policy Manager tab;
- Open an existing Authentication Policy that contains the criteria ‘is member of a group’ or ‘is not a member of a group’;
- Remove the appropriate group whose name was changed/organization name was changed;
- Find this group with the correct group name/organization name and select it using the checkbox;
- Save changes.
Now your Authentication Policy should work correctly.