Hi people! I have an application that which uses the same AD account from user, adding application specific groups. I had already did this with the AD source, and creating a new AD source, with search restricted group filters (ex CN=app*).
Client is asking me pros and cons of doing this way, vs using an application. Besides the fact that source configuration resides in only one point, is there some other benefit? On the other side, I see that application does not manage individual entitlmenents. If they have not defined packages of AD groups, this can be prohibitive right? For example, if they add a new group for the app on AD, they have to create a new access profile?