Creating a user domain group for NexJ applications
For single sign-on to work, NexJ application users must be added to a new domain group. The new group must be created in the same domain as the NexJ application users themselves.
Domain groups provide a single point of administrative control to deny access from unauthorized users. After a user has been authenticated, the application verifies if they have been granted access to the NexJ application based on their domain group affiliation. If the user is a member of a domain group (for example, nexjusers), then they proceed to access the protected application. If they do not belong to a domain group, they are denied access.
authGroup
security property in your environment file. For
example, if you want to use a group called samplegroup
,
open your environment file in NexJ Studio and edit the
authgroup
property to specify
samplegroup.To create a domain group for NexJ application users:
- Open the Active Directory Microsoft Management Console.
- Right-click on the Domain icon and choose to create a new group.
- In the New Group dialog, set the group name to nexjusers (one word, all lower-case).
- If prompted, disable Create Exchange Mailbox.
- Click Finish.
- Add all NexJ application users as members of the group.
Your new domain group has been created and NexJ application users have been added.