Support for nested Active Directory groups
I'm very happy with the fact that there is an Active Directory integration, but the lack of support for nested AD groups cripples the potential. We've set up an authorization matrix in our AD where users are added to a group signifying a user role and that primary group is added to secondary groups that actually grant permissions to resources like a mailbox or a file share. This could very easily be extended with groups that signify network access, but that would require the XG firewall to resolve nested group membership, so that it could check whether an AD user has or has no permission to access that network resource.
The user side is nearly useless without this features. User accounts need to be members of multiple groups.
Hi. Can you tell me whether this feature has been implemented in XG V18? Nothing is, as yet, shouting out but I may have missed something.
Hope you can give me some good news.
If it hasnt been implemented, can you tell me when (!) it will be as it is so very much needed.
Really need this!
Im absolutely floored nested groups isn't supported and as "Anonymous" commented - this isn't real AD integration at all. I've integrated more platforms and systems with AD than i can begin to count - none of which failed as badly as Sophos.
It's very frustrating that this isn't supported - makes implementing Microsoft best practice for group management in Active Directory impossible.
Without Support for nested Active Directory groups there is no real Active Directory integration on XG. Why does sophos stops imlementation of Active Directory on haf way?
This is the best practice way to manage access rights in an Active Directory environment. It would be very useful for the Firewall to be able to do this
William de Vos - IMPROVES B.V. commented
It takes much less administration when nested groups are supported. Now I have to add individually all objects in the groups and when the object needs to be removed I need to remove it out of ALL the groups.