User Management: Group Permissions

ON THIS PAGE

About the Page

User Management: Group Permissions allows you to configure the settings for Access Server Clients at a group level. These configurations take precedence over any global settings. If a user setting is not defined, then the group configurations are used.

Group Permissions page:

group permissions page

Group Permissions 

This page provides you with a table that allows you to configure permissions by simply checking a box. Under the More Settings option you have additional configurations. You can also choose to assign the group permissions from a defined group as the default settings for a user that is not assigned to a specific group.

Group

Enter a new group by inputting a name into the New Group text box at the bottom of the table. Configure the settings for the new group by clicking More Settings and by checking the boxes. The settings will not be committed until you click Save Settings

Admin

Check this box to grant access to the Admin Web UI for the entire group.

Allow Auto-login

Check this box to enable auto-login profiles for the entire group. This is a client configuration that enables connecting to the VPN without authenticating with a password. This is useful to connect Gateway Clients or machines that should always have a VPN connection. 

Deny Access

Check this box to revoke a group’s privileges. 

Delete

Check this box to delete a group record. This will not delete the individual users in that group.

More Settings

More settings can be configured by clicking the edit icon. These settings are group specific; they take precedence over any global settings when individual user settings are not defined.

More Settings

local password settings

Local Password Settings

You can choose whether to allow password changes and/or enable password strength checking in the Client Web Server (CWS) with these configuration options.

Allow password change from CWS:

  • Default = Inherit the global setting (defined in CWS settings).
  • Yes = users within the group can change their password after logging in to the CWS.
  • No = users within the group will not have an option to change their password and it must be managed by you or another administrator.

Enable password strength checking in CWS:

  • Default = Inherit the global setting as they are defined in CWS settings.
  • Yes = users within the group must create a new password that validates with these rules: must be at
  • least 8 characters and must contain a digit, an Uppercase letter, and a symbol from !@#$%&’()+,-/[\]^_{|}~<>.

  • No = users within the group can create any password of any length that they choose.

VPN IP Addresses

This section allows you to define a subnet from which all group addresses are assigned. You are also able to define the range within the subnet from which the group is assigned. Be aware that if a user is assigned a static IP, then that IP address must be within the range of the group subnet. Please click here for more information regarding this configuration. 

Access Control: 

If used, only specific subnets and services can be accessed by connected group members. Currently, you can ignore Allow Access To groups and Allow Access To users. Allow Access To users does not currently function and Allow Access To groups does not allow you to configure which group networks the select group has access to. To allow access to groups and users, you will need to manually input their IP address and include the proper services. 

Access Control section

Client Scripting:

You can allow Client Scripting or not. When Yes is selected, the options to push scripts for Windows, Mac, and Linux Operating Systems display. These scripts execute based on when users and admins connect and disconnect respectively. Therefore, you have the option to push scripts for all four scenarios. 

Client Scripting section.

By clicking any of the bracketed text, more settings appear. You can push scripts that will be executed by the client and you can define the environment variables that any of these scripts may depend on. For more information about client scripting please click here.

Client Scripting section(expanded).

Summary

User Management: Group Permissions is not much different from the User Permissions. In fact, they are near identical in what configurations they provide. Of course, the distinguishing factors are that this page configures the client at the group level and that the you are able to push scripts to the client. These factors give you the ability to have a default configuration for a user assigned to a group if they do not have configurations at the user level.