SSO restriction by AD groups

Options
Orad
Orad Posts: 16
Friend Collector
Hello everyone,
I've got SSO working with AD authentication.
But, i'm confused on how to restrict access based on AD Groups. Is it possible?
also, about non AD devices, can i create an exception list?
thank you

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Orad

    You can add multiple AD server profiles on your device. Please refer to the below steps:

    Configuration-> Object -> AAA Server -> Active Directory


    And adding customized authentication methods for different AD authentication purposes.

    Configuration -> Object -> Auth. Method -> Authentication Method


    BTW, if you don’t want to use AD authentication method for some devices, you can create local user accounts for those devices. Configuration -> Object -> User/Group -> User -> Add


  • Orad
    Orad Posts: 16
    Friend Collector
    Options
    Thank you Jeff for your answer, it explains what i needed!
    Now, if i understand it correctly - Base DN is used to channel restriction to a AD group or OU, is that correct? 
    I can create a group in AD, and instead of "dc=domain,dc=local" for all users in the domain, set "dc=doman,dc=local,cn=AllowGroup" to allow only users in AD group AllowGroup?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Your understanding is correct.
    Base DN is the AD accounts directory access path on your AD server.
    BTW, if you would like to restrict AD user to access what kind of web domain and content.
    You can add an ext-group-user user account and add security policies to restrict this, please refer to the below steps:
    Configuration->Object->User/Group>User->Add 
    Entering user name, User type, Group Identifier(Base DN), Associated AAA object.

    Adding Security policies to define the AD group user who can access what kind of web domain and content.


Security Highlight