I have users in two domains that need access to Qlik Sense. I am syncing one root AD group in domain A with my UDC. All users are members of this group through group nesting. Everything works fine within domain A.
I can even add domain B users to a nested group in domain A and they will be created in Sense.
However, none of the domain B users' group membership is brought in with it.
We are using custom properties mapped to an AD group to assign permissions in Sense so the users from domain B have no permissions.
Domain B users are direct members of group1 in Domain A that is a member (nested) of group2 that is synced with a Sense UDC.
We have a two-way transitive trust between the domains.
My question is, how do I get the UDC (AD/LDAP) to resolve the group membership of users in an external domain?