Atrium SSO authenticates users in nested AD groups correctly, but TrueSight does not handle the authorization in the same way.
User A is member of AD Group 1
AD Group 1 is member of AD Group 2
AD Group 2 is mapped to Authorization Profile I
When User A is logging in the message appears he/she is not authorized. Authentication succeeds, otherwise the message wrong user/wrong password would appear.
Is either AD Group 1 mapped to Authorization Profile I or User A added to AD Group 2, then authorization succeeds (current workaround).
Nesting offers role based and access based AD group administration. A user can have one role (group) with many access groups assigned, including the one for accessing TrueSight. The access group can be assigned to many role groups.
This will make user/group administration in AD much more easier, understandable and reusable.