Managing Users and Groups Mapped to External Repositories
Unless defined as members of the local user authentication store, users and groups are not stored directly on
the appliance, but are instead referenced from external user directories. In most cases, you manage individual
users in AMC only when you need to assign them permissions that are different from those that their group
membership allows. There are two ways to form groups of users in AMC using information stored in external
- Use the same group names as the external directory. In most directories, similar user accounts are
grouped together so they can be granted similar rights and permissions. Assuming that your directory is
organized in this way, your user management on the appliance is usually centered around groups, not
users. Set up the appliance to reference user groups stored in your directory, and then reference those
groups in access control rules.
- Query the external directory using common attributes. The results can be used to create a new group
(one that is not referenced in the external directory) that can be used in access control rules. For example,
you might create a new group named “Local employees” by querying the directory for all employees living
within a given set of zip codes.
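The “Local employees” query described above, sketched as an added example (not AMC code or AMC's own expression syntax). It assumes the directory is searched with a standard RFC 4515 LDAP filter and stores zip codes in the standard `postalCode` attribute; the function names, entries and zip codes are constructed for illustration.

```python
# Added example, not AMC code. Assumes an RFC 4515 LDAP search filter and the
# standard postalCode attribute. All entries below are constructed samples.

def escape_filter_value(value):
    """Escape the characters RFC 4515 treats as special inside a filter value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def zip_group_filter(zip_codes, object_class='person'):
    """Build: objectClass matches AND postalCode equals any of the listed codes."""
    if not zip_codes:
        raise ValueError('refusing to build a group filter from an empty zip list')
    alternatives = ''.join(
        '(postalCode=%s)' % escape_filter_value(z) for z in zip_codes)
    return '(&(objectClass=%s)(|%s))' % (
        escape_filter_value(object_class), alternatives)


def members(entries, zip_codes, object_class='person'):
    """Apply the same rule locally to preview who the new group would contain."""
    wanted = set(zip_codes)
    return sorted(
        e['dn'] for e in entries
        if object_class in e.get('objectClass', [])
        and wanted & set(e.get('postalCode', [])))


SAMPLE_ENTRIES = [  # constructed directory entries
    {'dn': 'cn=Ana Ruiz,ou=People,dc=example,dc=com',
     'objectClass': ['person'], 'postalCode': ['98101']},
    {'dn': 'cn=Bo Chen,ou=People,dc=example,dc=com',
     'objectClass': ['person'], 'postalCode': ['10001']},
    {'dn': 'cn=printer1,ou=Devices,dc=example,dc=com',
     'objectClass': ['device'], 'postalCode': ['98101']},
    {'dn': 'cn=Cy Okoro,ou=People,dc=example,dc=com',
     'objectClass': ['person'], 'postalCode': ['98104']},
]
LOCAL_ZIPS = ['98101', '98104']  # constructed zip code set

if __name__ == '__main__':
    print(zip_group_filter(LOCAL_ZIPS))
    for dn in members(SAMPLE_ENTRIES, LOCAL_ZIPS):
        print(dn)
```

Membership in a group built this way follows the attribute value, so whoever can write `postalCode` in the directory effectively controls who the access control rule applies to. Previewing the result set before referencing the group in a rule catches filters that match more entries than intended.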
For Microsoft Active Directory and LDAP directories, there are several ways to add groups (this feature is not
available for adding users referenced by a RADIUS realm or in the local user store):
- Manually type a distinguished name (DN)
- Search the contents of the directory and select groups from a list
- Build a dynamic group expression
For testing and evaluation purposes, you can also create local users on the appliance. See Managing Local User Accounts.