Creating a user domain group for NexJ applications

For single sign-on to work, NexJ application users must be added to a new domain group. The new group must be created in the same domain as the NexJ application users themselves.

Domain groups provide a single point of administrative control to deny access from unauthorized users. After a user has been authenticated, the application verifies if they have been granted access to the NexJ application based on their domain group affiliation. If the user is a member of a domain group (for example, nexjusers), then they proceed to access the protected application. If they do not belong to a domain group, they are denied access.

Note: The default group is nexjusers. You can use a different group name by specifying the name in the authGroup security property in your environment file. For example, if you want to use a group called samplegroup, open your environment file in NexJ Studio and edit the authgroup property to specify samplegroup.

To create a domain group for NexJ application users:

  1. Open the Active Directory Microsoft Management Console.
  2. Right-click on the Domain icon and choose New > Group to create a new group.
  3. In the New Group dialog, set the group name to nexjusers (one word, all lower-case).
  4. If prompted, disable Create Exchange Mailbox.
  5. Click Finish.
  6. Add all NexJ application users as members of the group.

Your new domain group has been created and NexJ application users have been added.