Hello,

We are new to UAG and trying to get a handle on things. 

We have a situation where we need to "restrict" 4 subdomains which are only accessible by users who are members of their OU group in AD.

For example:

1. we have 4 subdomains called group1.oursite.com, group2.oursite.com,  group3.oursite.com,  group4.oursite.com.
2. Users will have to either have to be in one of the groups in AD called group1, group2, group3, and group4.
3. How do we go about in setting up a UAG login form where when a user logs in, it checks to see which AD group they belong in and then redirects (and secures them) them to their subdomain? This way, when another user who belongs to another group, won't be able to access the subdomains they don't belong in and will be logged out.

Login example:

1. User jsmith belongs in AD group, group3 and has access to group3.oursite.com
2. He logs in and is redirected to group3.oursite.com automatically.
3. Then he realizes that he wants to try and enter the url of  "group1.oursite.com" manually in his browser to see what he can access and anything under that subdomain. Because he does not belong in the AD group of "group1", he will be automatically restricted from accessing group1.oursite.com or is forced to login to that site.

Can this be done and if so, how would we do it?

Thanks

Hello Lawrence, 

We call this as "Conditional" Appwraps.

AppWraps and SRAs could be used to Manipulate the data that is flown. 

http://blogs.technet.com/b/ben/archive/2011/05/12/appwrap-and-sra.aspx 

http://blogs.technet.com/b/edgeaccessblog/archive/2009/11/17/appwrap-in-uag-what-s-new.aspx 

Here is the advanced IAG guide (This could be used for UAG as well) which can explain about this.

http://download.microsoft.com/download/2/F/9/2F9D9113-B84B-4838-98A0-A3AEFA6608E2/IAG_AdvancedUserGuide.pdf

In Short, whatever you are asking could be done using UAG, but it requires some complex customization