Our user database is getting large, currently hovering around 1600.
At present, Connector Manager has 3 rules setup.
1 for main users (including the 1600 above)
2nd is for special accounts
3rd is for testing.
I am currently working on breaking the users down into 5 groups of users based on internal departments, such that users in department 1 can use department 1 PCs... the "special accounts" will be set to login to anything.
I've fine on the Encryption Manager side of things... i've setup the groups and permissions.
I've also got groups setup in Active Directory.....
But its the Connector Manager side of things where i'm getting a little lost.
At present,t he main rule checks AD group "Encryption Users" and adds them.... Initially it just dumped all the users it found into group "Users" in EEM.
What i;m unsure on is what to go going forward.
I've currently got a group filtering rule setup, such that if the user account is in "Users - group 1" as well as "Encryption Users" group in AD, it gets put in the EEM group "Users - 1"
This is fine for now, but means users have to be specifically added to two groups in Active Directory... i've tried making "Users Group 1" a member of "Encryption Users" and it doesn't see the members of the group in a group.
What i am considering is whether i need 5 new connector rules/setups to cover each of the "groups" i've setup, but wonder if this is going to actually cause more problems.
So, some insight into how other people have done this would be useful (either having had to change things, or if it was planned and done correctly in the first place).