Hello, I need an Issuance Authorization Rule that will only permit a user if he is a member of a specific domain AND is a member of one of our groups whose name starts with COA_ADM. All others should be denied.
Domain must be COMPANYA
Must be memberOf any group starting with COA_ADM
Here's my rule so far, please help me to get this to work. I'm sure I'm way off. Thanks!
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY", Value =~ "^(?i)COMPANYA\\"]&&
c2:EXISTS([type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/group", Value =~ "^(?i)COA_ADM"])
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
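
One way to express the two requirements above as a single rule and check its syntax before applying it. This is an added example, not part of the original post. It assumes a group-name claim of the type used in the post is already present when the authorization rules run, and the relying party name is a placeholder.

```powershell
# Added example. Claim types and regex patterns are taken from the post.
# Two plain conditions joined with && : the rule only fires when BOTH a matching
# windowsaccountname claim and a matching group claim exist.
$rule = @'
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY", Value =~ "^(?i)COMPANYA\\"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/group", Value =~ "^(?i)COA_ADM"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
'@

# Parse the rule text first, so a syntax error surfaces here and not on the trust.
$ruleSet = New-AdfsClaimRuleSet -ClaimRule $rule

# Placeholder name (hypothetical); substitute the display name of the real trust.
$rpName = 'EXAMPLE-RELYING-PARTY'

# Replace the trust's whole authorization rule set with this one rule.
# With no "permit all users" rule left in the set, a user who fails either
# condition gets no permit claim and is therefore denied.
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceAuthorizationRules $ruleSet.ClaimRulesString

# Read the stored rules back to confirm what is now in effect.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```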