User must select from among assigned roles

Specifies if you want the users to select from the assigned roles.

Select Admin Realm > Role Mapping Rules > User must select from among assigned roles to enable this option.

User must select the sets of merged roles assigned by each rule

Specifies if you want users to select the sets of merged roles that are assigned by each rule.

Select Admin Realm > Role Mapping Rules > User must select the sets of merged roles assigned by each rule to enable this option.

Name

Specifies the name entered on the sign-in page.

Enter a name.

Assign these roles if the rule matches >Non-members

Specifies the list of non-members whose roles are not matched with the rules.

Select a non-member from the list to assign to the authenticated user by adding/removing it to/from the Members list.

Stop processing rules when this rule matches

Specifies if you want the device to stop evaluating role mapping rules if the user meets the conditions specified for this rule.

Select Admin Realms > Role Mapping Rules > Settings > Stop processing rules when this rule matches to enable this option.

Role mapping rule type

Specifies the type of role mapping rule.

• Select If user name if the role mapping parameter must be based on the user name. Select is/is not conditional expressions for the rule, click the Add button, and enter the new user names.
• Select If certificate has any of the attributes if the role mapping parameter must be based on the certificate attributes. Select is/is not conditional expressions for the rule, click the Add button, and enter the new values.
• Select If user has any of these custom expressions if the role mapping parameter must be based on the custom expressions. The collection-of-expressions button appears.
  1. Click the collection-of-expressions button to assign expressions. The expressions that were created for the selected authentication server appears.
  2. Select an existing expression from the Non-members area and click Add to assign the expression to the role-mapping rule.
  3. Click New and create an expression to assign a new expression to the role-mapping rule. For information on creating custom expressions and using the Expression Dictionary, refer to “Creating a Custom Expression for an Authentication Server (NSM Procedure).”

  Note: You can create a custom expression in a device template, but you cannot validate the custom expression. The Validate button is not enabled in the Custom Expressions editor for device templates.

is/is not

Note: This option is enabled only if you select either if username or if certificate has any of the attributes as the role mapping rule type.

Specifies the conditional expression used in the rule.

Select an option from the drop-down list.

New

Specifies the rules that are used for matching.

Enter the respective rule matching entries.

• Enter a new username if you select if username as role mapping rule type.
• Enter a new expression if you select if user has any of these custom expressions as role mapping rule type.
• Enter a new value if you select if certificate has any of the attributes as role mapping rule type.

Attribute

Specifies the role mapping role attributes.

Note: This option is enabled only if you select if certificate has any of the attributes as the role mapping rule type.

Enter an attribute name.