Secure Mobile Access 12.4 Administration Guide

Managing Users and Groups Mapped to External Repositories

Unless defined as members of the local user authentication store, users and groups are not stored directly on the appliance, but are instead referenced from external user directories. In most cases, you manage individual users in AMC only when you need to assign them permissions that are different from those that their group membership allows. There are two ways to form groups of users in AMC using information stored in external directories:

  • Use the same group names as the external directory. In most directories, similar user accounts are grouped together so they can be granted similar rights and permissions. Assuming that your directory is organized in this way, your user management on the appliance is usually centered around groups, not users. Set up the appliance to reference user groups stored in your directory, and then reference those groups in access control rules.
  • Query the external directory using common attributes. The results can be used to create a new group (one that is not referenced in the external directory) that can be used in access control rules. You might create a new group named “Local employees” by querying the directory for all employees living within a given set of zip codes.

For Microsoft Active Directory and LDAP directories, there are several ways to add groups (this feature is not available for adding users referenced by a RADIUS realm or in the local user store):

  • Manually type a distinguished name (DN)

  • Search the contents of the directory and select groups from a list

  • Build a dynamic group expression

For testing and evaluation purposes, you can also create local users on the appliance. See Managing Local User Accounts.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.