We are looking to restrict product access to certain users. Unfortunately these users do not belong to a specific security group so the next best thing that I see is to only include visibility based on a certain AD property. Currently under the AD Property dropdown there are only 3 options -- city, company, and office. Is it possible to add additional properties to this dropdown list or is this a fixed section?
‎Feb 24, 2021 06:55 AM
You should be able to add additional properties beyond the default by going to site management->Active Directory->Property Mapping. You will see a list of AD properties, some of which may have been populated by a custom user sync (ADGUID for instance). Anyways, if you want a property to be usable, then you would "edit" the property, and select "allow deployment" for the property. Once you do this, the property should be selectable in your condition. The following screen capture illustrates:
(Don't forget to select "update")
‎Feb 24, 2021 07:46 AM
If the AD property does not exist in the SCCM DB is there a way to import properties directly from AD or is App Portal completely dependent on the user properties that SCCM exposes?
‎Feb 24, 2021 08:19 AM
It would have to come from the Active Directory User Discovery attributes that are in SCCM. I'd expect that you could expand the user discovery attributes to get most things from AD. If you are able to discover it, then you should be able to add the same into WD_User via a custom query...
‎Feb 24, 2021 10:15 AM
Thanks @CharlesW, this is exactly what I'm looking for.
‎Feb 24, 2021 10:45 AM
Sorry to jump on this topic with a related question, but if users were in an AD group, is there an option to EXCLUDE users based upon AD group membership? Thought I only saw inclusion options under Site & Catalog security. Also, if using reverse DNS as computer discovery, is there a way to restrict access based upon client type? (ex: exclude any Mac devices from accessing App Broker). thxs
‎Feb 26, 2021 02:10 PM
@Ralph_Crowley - No, admin and catalog security only allow you to add users and groups. In the absence of this functionality, I think that @dbeckner was going to restrict access to catalog items via catalog visibility conditions, or (more likely) category security based on AD Properties.
One thing which both of you "might" use would be to specify either a licensed collection or licensed view under settings->website. This allows you to create a collection in SCCM, and based on what you choose, you can either exclude or include devices. The licensed view does something similar, but it is based on a query run against the App Portal DB. If the device accessing the site did not meet the criteria, then the user would see "you are not licensed to use this software". No idea how you would feel about this, but I wanted to present this as an option.
Feb 26, 2021 03:47 PM
Tagging on to this thread, a couple random thoughts...
‎Mar 04, 2021 07:05 PM