Thanks for the feedback, Sam. I guess my only concern with mapping AD group to user role on the IVE is that now we will need to do the role mappings twice. Once on the IVE and then again on the UAC. So now, when there is a need to change role mappings in the future, we'll have to do it twice - on the UAC and the IVE. It seems it would be easier to have all role mapping done on the UAC only. Or am I missing something?