Does BCAAA use more resources when the ProxySG policy refers to nested Active Directory group names on IWA realms?
Last Updated May 13, 2017
When the ProxySG appliance connects to BCAAA, it sends BCAAA a list of all the groups referenced in policy. These are called "Groups of Interest.”
BCAAA creates a mutex for each Group of Interest. An ACL is placed on the mutex such that it allows only the specified group access.
Following a successful authentication, BCAAA impersonates the user and attempts to access each mutex; this lets Windows handle the complexities of nested groups. Nested groups are therefore not an issue for IWA realms.
Imported Document ID: 000008978
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.