Hi,
I’m currently using ldap auth (Active Directory) for all human.
I created a mapping between LDAP group <-> AD groups.
I can do the same mapping with the Identity Engine (groups alias).
Does someone know the pro/cons of each method ?
Thanks you
I attempted to summarize the features of both use cases in my Vault Policy Guide.
In short, you’ll have a lot more flexibility assigning and evaluating policies using the Identity Groups than you will assigning policy directly to roles, but it comes at a cost of added complexity.
1 Like