Page Comparison

...

To retrieve user group information from an IdP, complete the following on the User Group Sync tab:

Authentication Profile: Choose an enabled authentication profile you want to use to retrieve user groups. Only enabled profiles are available for selection.

...

For information about how to create authentication profiles, see Configuring Authentication Profiles.

For LDAP profiles (for MS AD Sync), complete the following:

• User Name: Enter the username for logging in to the Microsoft Active Directory server.
• Password: Enter the password for logging in to the Microsoft Active Directory server.
• On-prem Host: Choose the on-prem host with which you have associated the LDAP profile from the list
• Expiration: Choose the time duration you want the system to keep the user group information. The default is 48 hours.

For SAML profiles, complete the following:

• Admin Token: This is the authorization token from the IdP. Depending on the IdP you have selected in the authentication profile, refer to the respective vendor documentation on how to acquire an admin or API token.
• Expiration: Choose the time duration you want the system to keep the user group information. The default is 48 hours.
  

For SAML profiles, complete the following:

• Admin Token: This is the authorization token from the IdP. Depending on the IdP you have selected in the authentication profile, refer to the respective vendor documentation on how to acquire an admin or API token.
• IdP Domain: This is the IdP domain for the IdP you set up.
  
• Expiration: Choose the time duration you want the system to keep the user group information. The default is 48 hours.

Click Sync. When the synchronization is complete, available user groups are displayed in the Synced User Groups panel. 

The synchronized user groups are now available when you configure security policies. For information about security policies, see /wiki/spaces/DraftReview/pages/11567288.

...