Dec 31

This last post of 2009 shares an interesting feature of StoneGate SSL VPN: the definition of user groups.

The solution offers two ways to group users: by User Location and by User Property.

While the first is pretty self-explanatory, referencing a DN within a defined User Storage (e.g. OU=SSLVPN_Users,DC=example,DC=com), the second offers four possibilities:

  • User Storage Location
  • Custom Defined
  • RADIUS Session
  • SAML Session

RADIUS Session and SAML Session are also fairly self-explanatory, and Custom Defined lets you set properties specific to user profiles (like Eyes = Blue or IsGuru = Yes).

User Storage Location within a User Property group definition seems to overlap with the User Location definition, but in reality it does not.
It lets you define group membership by looking at a user profile attribute within a User Storage definition.

For example, suppose I have mapped the mobile phone number of a user as the SMS notification number within the Active Directory User Storage definition
(Manage User Accounts and Storage > User Storage > <a defined user storage> > Directory Mapping).
Here’s how I would reference this attribute to create a group of all Finnish users in a User Property – User Storage Location group.

[image]

Note the use of wildcards in Attribute Value for maximum flexibility.

If you are unsure about the value, you can click on View Users to list all the matching results of the query.

The groups defined this way can then be used, for instance, when configuring Access Rules based on group membership.
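An added example, not from the original post or from the StoneGate product: a Python preview of what a wildcard attribute rule would match, in the spirit of View Users, run over constructed directory entries. The `mobile` attribute name, the `+358*` pattern (Finland's country code) and the fnmatch-style meaning of `*` are assumptions, since the values in the screenshot are not preserved.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample directory entries (not from the original post).
USERS = [
    {"uid": "aino",  "mobile": "+358401234567"},
    {"uid": "mikko", "mobile": "+358 50 765 4321"},
    {"uid": "ville", "mobile": "00358451112223"},   # international prefix 00
    {"uid": "sanna", "mobile": "0401234567"},       # national format, no country code
    {"uid": "luca",  "mobile": "+393331234567"},
    {"uid": "jonas", "mobile": "+49176358000"},     # contains 358, not Finnish
    {"uid": "eva",   "mobile": ""},                 # attribute not set
]

def match_group(users, attribute, pattern):
    """Return uids whose attribute matches the wildcard pattern (assumed fnmatch-style)."""
    return [u["uid"] for u in users
            if u.get(attribute) and fnmatchcase(u[attribute], pattern)]

def normalize(number):
    """Canonicalise a phone number: drop separators, turn a leading 00 into +."""
    compact = re.sub(r"[\s\-()./]", "", number)
    return "+" + compact[2:] if compact.startswith("00") else compact

def near_misses(users, attribute, pattern):
    """Users the raw pattern misses but who match once the value is normalised."""
    matched = set(match_group(users, attribute, pattern))
    return [u["uid"] for u in users
            if u["uid"] not in matched and u.get(attribute)
            and fnmatchcase(normalize(u[attribute]), pattern)]

if __name__ == "__main__":
    # Anchored pattern: precise, but misses numbers stored with a 00 prefix.
    print("+358*  ->", match_group(USERS, "mobile", "+358*"))
    print("missed ->", near_misses(USERS, "mobile", "+358*"))
    # Loose pattern: catches the 00 form, but also a non-Finnish number.
    print("*358*  ->", match_group(USERS, "mobile", "*358*"))
```

Because the resulting group can drive Access Rules, review both the over-broad matches and the near misses before relying on it.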

Happy New Year, Felice Anno Nuovo, Onnellista Uutta Vuotta!

written by RoarinPenguin
