SSO restriction by AD groups

Orad
Orad Posts: 16
Friend Collector
Hello everyone,
I've got SSO working with AD authentication.
But, i'm confused on how to restrict access based on AD Groups. Is it possible?
also, about non AD devices, can i create an exception list?
thank you

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @Orad

    You can add multiple AD server profiles on your device. Please refer to the below steps:

    Configuration-> Object -> AAA Server -> Active Directory


    And adding customized authentication methods for different AD authentication purposes.

    Configuration -> Object -> Auth. Method -> Authentication Method


    BTW, if you don’t want to use AD authentication method for some devices, you can create local user accounts for those devices. Configuration -> Object -> User/Group -> User -> Add



    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • Orad
    Orad Posts: 16
    Friend Collector
    Thank you Jeff for your answer, it explains what i needed!
    Now, if i understand it correctly - Base DN is used to channel restriction to a AD group or OU, is that correct? 
    I can create a group in AD, and instead of "dc=domain,dc=local" for all users in the domain, set "dc=doman,dc=local,cn=AllowGroup" to allow only users in AD group AllowGroup?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Your understanding is correct.
    Base DN is the AD accounts directory access path on your AD server.
    BTW, if you would like to restrict AD user to access what kind of web domain and content.
    You can add an ext-group-user user account and add security policies to restrict this, please refer to the below steps:
    Configuration->Object->User/Group>User->Add 
    Entering user name, User type, Group Identifier(Base DN), Associated AAA object.

    Adding Security policies to define the AD group user who can access what kind of web domain and content.



    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

Security Highlight