SSO restriction by AD groups
All Replies
-
Hi @Orad
You can add multiple AD server profiles on your device. Please refer to the below steps:
Configuration-> Object -> AAA Server -> Active Directory
And adding customized authentication methods for different AD authentication purposes.
Configuration -> Object -> Auth. Method -> Authentication Method
BTW, if you don’t want to use AD authentication method for some devices, you can create local user accounts for those devices. Configuration -> Object -> User/Group -> User -> Add
See how you've made an impact in Zyxel Community this year!
0 -
Thank you Jeff for your answer, it explains what i needed!
Now, if i understand it correctly - Base DN is used to channel restriction to a AD group or OU, is that correct?
I can create a group in AD, and instead of "dc=domain,dc=local" for all users in the domain, set "dc=doman,dc=local,cn=AllowGroup" to allow only users in AD group AllowGroup?0 -
Hi @OradYour understanding is correct.Base DN is the AD accounts directory access path on your AD server.BTW, if you would like to restrict AD user to access what kind of web domain and content.You can add an ext-group-user user account and add security policies to restrict this, please refer to the below steps:Configuration->Object->User/Group>User->AddEntering user name, User type, Group Identifier(Base DN), Associated AAA object.
Adding Security policies to define the AD group user who can access what kind of web domain and content.
See how you've made an impact in Zyxel Community this year!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight