Tutorial: Adding Groups to Access Server
Add user groups in Access Server to allow group-defined access to services and resources.
Overview
This tutorial provides an overview of creating user groups in Access Server.
An installed Access Server.
Admin Web UI access.
Configure your server's authentication before adding any user accounts. The default authentication method is local, where the authentication resides on your server. If you choose this authentication method, you can skip forward to adding new users.
For other authentication methods, refer to the appropriate tutorial:
Sign in to the Admin Web UI.
Click User Management > Group Permissions.
Enter a group name in the New Group field on the last table row.
Configure the settings for the new group with the checkboxes:
Click Admin to promote all users associated with this group to admin privileges.
Click Allow Auto-login to allow downloading an auto-login profile.
Click Deny Access to prevent users in the group from gaining access to the server.
Click Delete to remove the group from Access Server.
Click More Settings.
Additional group settings display.
Select the group's authentication method.
Tip
You can leave the authentication as the default method or choose a different authentication method by selecting the radio button. If the option is disabled, you must first configure the authentication method before it’s available for users.
Enable MFA if desired.
For local authentication, set the local password settings.
Define a subnet from which Access Server assigns all group addresses and the range within that subnet.
Caution
If you assign a user a static IP and assign that user to a group with the VPN IP addresses defined, then that IP address must be within the range of the group subnet.
Set up access control and client scripting if desired.
You can now assign users to the group from the User Permissions page or dynamically with a post-auth script (e.g., LDAP group mapping with a post-auth script).