IDP Authentication

Hello - I have a Perspective project that has Public access on an 8.1.15 gateway. I have a specific button that has the 'Enabled' property bound to the expression isAuthenticated(false, "Authenticated"). My understanding is that this would allow any user that authenticates against my IDP to use the button. My IDP is configured against an AD/Hybrid user source, and as part of the AD config I have a couple of groups configured (so as to limit the number of users in this group).

While I'm part of the users in the user source and can log in as expected (and get the button functionality enabled), I had another user that is NOT part of the user source attempt to log in. She was able to log in and then also had the button functionality enabled. We then used the Identity Providers → Test Login to see if that worked, and it indeed did, though as expected she did not have any roles. So while I can certainly add roles as part of my expression above, the larger issue (in my mind) is that you can authenticate against an AD-backed IDP even if the user is not present in the group filters. Can someone validate if that is expected?

Hi Tim,

you can authenticate against an AD-backed IDP even if the user is not present in the group filters.

The filters you configured on the AD/Hybrid user source are not authentication filters. Check the note provided in our user manual regarding those filters.

https://docs.inductiveautomation.com/display/DOC81/Active+Directory+Authentication#ActiveDirectoryAuthentication-PropertyReference

So I believe what you are experiencing is expected. Instead, you will need to set up Authenticated roles in your IDP to prevent specific AD roles from accessing unintended areas of your Perspective project.
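The distinction the answer draws is authentication versus authorization: an IdP login only proves who the user is, so a check equivalent to isAuthenticated(false, "Authenticated") passes for anyone the IdP accepts, including users outside the configured AD groups. The following is an added example, not code from the thread or from Inductive Automation, written in Python (the language of Ignition's Jython scripting). It models the shape of Perspective's session.props.auth (authenticated, user.roles) as plain dictionaries, with constructed sample sessions and assumed role names, and shows the authenticated-only check beside a role-based check that denies the authenticated-but-roleless user.

```python
# Added example: authorization check for a Perspective-style session, modelled
# on session.props.auth. Not from the forum thread or the vendor's code.

REQUIRED_ROLES = ("Operator", "Administrator")  # assumed role names for this example


def enabled_if_authenticated(auth):
    """Equivalent of isAuthenticated(false, "Authenticated"):
    any successful IdP login enables the control, roles are not consulted."""
    return bool(auth.get("authenticated"))


def enabled_if_has_role(auth, required_roles=REQUIRED_ROLES):
    """Enable only when the session is authenticated AND carries at least one
    required role. A user the IdP accepted but who has no mapped roles
    (e.g. not in the AD groups that map to roles) is denied."""
    if not auth.get("authenticated"):
        return False
    user = auth.get("user") or {}
    roles = set(user.get("roles") or [])
    return bool(roles.intersection(required_roles))


# Constructed sample sessions (shape mirrors session.props.auth)
TIM_SESSION = {"authenticated": True,
               "user": {"userName": "tim", "roles": ["Operator"]}}
OUTSIDER_SESSION = {"authenticated": True,
                    "user": {"userName": "outsider", "roles": []}}
ANON_SESSION = {"authenticated": False, "user": None}


def compare(sessions):
    """Return {userName: (authenticated_only, role_based)} so the two
    policies can be compared side by side for each session."""
    result = {}
    for auth in sessions:
        user = auth.get("user") or {}
        name = user.get("userName", "<anonymous>")
        result[name] = (enabled_if_authenticated(auth), enabled_if_has_role(auth))
    return result


if __name__ == "__main__":
    for name, (auth_only, role_based) in sorted(compare(
            [TIM_SESSION, OUTSIDER_SESSION, ANON_SESSION]).items()):
        print("{0:<12} authenticated-only={1!s:<5} role-based={2}".format(
            name, auth_only, role_based))
```

In a real project the same logic belongs in whatever mechanism the gateway offers for role or security-level checks on the Enabled binding (for instance a script transform reading self.session.props.auth, an assumption about how the binding would be wired); the point of the example is that the roleless outsider passes the first check and fails the second.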