WSO2 Identity Server 3.0 has a brand new feature that allows users to be authenticated based on a set of XACML policies.
Use case - Allow only users with the customer-care role to log in to the cloud-based Microsoft Dynamics server.
1 - Configure logging in to the Microsoft Dynamics server using SSO by following this link.
2 - Make sure you have ticked the "Enable Authorization" checkbox in Service Provider > Local & Outbound Authentication Configuration.
3 - Then go to Entitlement > Policy Administration in the left-hand menu.
4 - Select the authn_role_based_policy_template. Edit it to have the Service Provider name as "CRM" (or the name you have given to the Microsoft Dynamics server). Change the role name to "customer-care" and publish it to My PDP.
That is it!
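To sanity-check the edited values before publishing, the added example below (not the WSO2 template and not code from the original post) embeds a constructed, simplified XACML 3.0 policy of the same shape and evaluates it for a given service provider name and role list. The `example:` attribute ids, the `PolicyId` and the `decide` helper are assumptions for illustration, and the evaluator handles only this policy shape.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
STR = "http://www.w3.org/2001/XMLSchema#string"

# Constructed policy: target = service provider name, first rule permits the
# required role, last rule denies everyone else. The "example:" attribute ids
# are placeholders, not the identifiers used by the real template.
POLICY = f"""<Policy xmlns="{NS['x']}" PolicyId="crm_role_policy" Version="1.0"
 RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
 <Target><AnyOf><AllOf>
  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
   <AttributeValue DataType="{STR}">CRM</AttributeValue>
   <AttributeDesignator AttributeId="example:sp-name" Category="example:sp"
     DataType="{STR}" MustBePresent="false"/>
  </Match></AllOf></AnyOf></Target>
 <Rule RuleId="permit_by_role" Effect="Permit"><Condition>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
   <AttributeValue DataType="{STR}">customer-care</AttributeValue>
   <AttributeDesignator AttributeId="example:role"
     Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
     DataType="{STR}" MustBePresent="true"/>
  </Apply></Condition></Rule>
 <Rule RuleId="deny_others" Effect="Deny"/>
</Policy>"""


def decide(policy_xml, sp_name, roles):
    """Evaluate only the XACML subset used above; this is not a general PDP."""
    root = ET.fromstring(policy_xml)
    # Target: string-equal is case-sensitive, so the SP name must match exactly.
    targets = [m.findtext("x:AttributeValue", namespaces=NS)
               for m in root.findall("x:Target/x:AnyOf/x:AllOf/x:Match", NS)]
    if sp_name not in targets:
        return "NotApplicable"
    for rule in root.findall("x:Rule", NS):  # first-applicable: document order
        required = rule.findtext("x:Condition/x:Apply/x:AttributeValue",
                                 namespaces=NS)
        # A rule without a condition applies to every request in the target.
        if required is None or required in roles:
            return rule.get("Effect")
    return "NotApplicable"
```

A service provider name that differs only in case from the one in the policy does not match the target, so the role rule is never evaluated for it.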