Split authorization is the ability to use an LDAP realm in conjunction with an IWA realm to provide more control over a user/group based on attributes provided by the LDAP server.
As an example, a customer may set up authentication via an IWA realm and then create policy that uses a specific LDAP attribute to authorize, or not, a user's access to a specific site.
Note that this feature can only be activated via the CLI, and the policy it uses can only be created in CPL; that is, there is currently no GUI or VPM support for this feature. See the SGOS 6.7 Content Policy Language Reference for more details.
As of SGOS 6.7.2, customers can use split authorization with IWA-Direct and LDAP realms. Note that IWA-BCAAA realms are not supported.
An example setup might be as follows:
Create IWA-Direct Realm
Create LDAP realm
Add LDAP authorization to IWA-Direct realm
Use the new policy condition "user.authorization_name=" to test the user's LDAP DN.
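The policy step above could look like the following CPL fragment, which is an added illustration and not taken from the SGOS documentation. The realm name `iwa_direct_realm`, the site `restricted.example.com` and the DN are constructed placeholders, and the condition is used only in the plain form named above.

```cpl
; Added example: the realm name, site and DN below are constructed placeholders.

<Proxy>
    ; Authentication is handled by the IWA-Direct realm.
    authenticate(iwa_direct_realm)

<Proxy>
    ; Authorization tests the user's LDAP DN, supplied by the LDAP realm
    ; that was added to the IWA-Direct realm for authorization.
    url.domain=restricted.example.com user.authorization_name="cn=Jane Doe,ou=Finance,dc=example,dc=com" allow
    ; Any other authenticated user is refused for this site.
    url.domain=restricted.example.com deny
```

Rules within a layer are evaluated top to bottom and the first match applies, so the explicit deny only takes effect for users whose DN did not match the rule above it.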