<N2WS-Address>
is either the DNS name or the IP address of the N2WS Server.
https://<N2WS-Address>/remote_auth/metadata
https://<N2WS-Address>/remote_auth/complete_login/
https://<N2WS-Address>/remote_auth/complete_logout/
default
:
default_managed_users
default_independent_users
default_root_delegates
default_root_delegates_readonly
cpm_user_groups
whose value is set to all the groups the user is a member of, both N2WS-related groups and non-N2WS-related groups.
cpm
prefix. In cases where the name of the group that users are assigned to in the IdP is of the form cpm_<group-name-in-N2WS>
, for example cpm_mygroup
where mygroup
is the name of a group that was created in N2WS, the <group-name-in-N2WS>
part of the name must match the name of a group in N2WS. See section 19.2. For example, to give IdP users permissions of the N2WS group default_managed_users
:
cpm_default_managed_users
.
cpm_user_groups
.
cpm_default_managed_users
.
default_managed_users
.
cpm_user_groups
.
default_managed_users
.
cpm_user_groups
claim, only one can be an N2WS group, such as cpm_mygroup
. If an IdP user is a member of more than one N2WS group, the logon will fail with a message indicating the user belongs to more than one N2WS group.
user_type
Managed
Independent
Delegate
user_name
user_email
allow_file_level_recovery
max_accounts
max_instances
max_independent_ebs_gib
max_rds_gib
max_redshift_gib
max_dynamodb_gib
max_controlled_entities
original_username
allow_recovery_changes
allow_account_changes
allow_backup_changes
allow_settings
msDS-cloudExtensionAttribute1
) or a custom attribute added to the IdP user schema specifically for this purpose. The content of the attribute specifies the user's N2WS permissions in the key=value format detailed in section 19.3.1.
max_accounts=1
, all other permissions will be inherited from the user's group permissions.
cpm_user_permissions
must be created. The value of the claim must be mapped to the value of the attribute chosen above.
N2WS
), and then select Next.
https://
followed by the N2WS DNS name or IP address, and then followed by /remote_auth/complete_login/
. For example, the resulting string might look like: https://ec2-123-245-789.aws.com/remote_auth/complete_login/
https://
followed by the N2WS DNS name or IP address, and then followed by /remote_auth/metadata
in the Relying party trust identifier box. For example, the resulting string might look like: https://ec2-123-245-789.aws.com/remote_auth/metadata
/adfs/ls/?wa=wsignout1.0
(e.g. https://adserver.mycompany.com/adfs/ls/?wa=wsignout1.0
)
/remote_auth/complete_logout/
(e.g. https://ec2-123-245-789.aws.com/remote_auth/complete_logout/
).
cpm_user_groups
.
.crt
) option and then select Next.
cpm_user_permissions
must be created before the user-level permissions can take effect.
msDS-cloudExtensionAttribute1
).
cpm_user_permissions
.
cpm
prefix. Select the Groups tab and then select