Вы находитесь на странице: 1из 7

How To - Implement Single Sign On Authentication with Active Directory

How To - Import Active Directory Groups

Applicable to – V 9.5.3. build 14 onwards

This article describes how to import Active Directory groups for the purpose of authentication and
define policies.

Prerequisites:
• Active Directory server configured in Cyberoam. Refer How To – Implement Single Sign On
Authentication with Active Directory, if you have already not integrated AD server and
cyberoam.

Step 1. Import AD group

Once you have configured and added AD details, select User → Authentication Settings
and click Import Group(s) link against the AD server from which you want to import AD groups.

1
How To - Implement Single Sign On Authentication with Active Directory

Follow the on-screen steps:


Step 2: Specify Base DN. Cyberoam will fetch AD groups from the specified Base DN.

To import users from default AD Container:

To import users from custom AD Container:

2
How To - Implement Single Sign On Authentication with Active Directory

If multiple custom containers are created, repeat the entire process for each container.

Step 3: Select Groups that are to be imported in Cyberoam. Use <Ctrl> + Click to select multiple
groups. All the groups (not imported and already imported groups in Cyberoam) created in AD are
displayed. * besides the group name indicates that the group is already imported to Cyberoam.

Use arrows to move groups across the group lists.

Step 4: Select various policies (Surfing Quota, Access time, Bandwidth, Internet Access and Data
transfer) and user authentication time out to be applied on the group members.

3
How To - Implement Single Sign On Authentication with Active Directory

By default, “Attach to all the Groups” is enabled, hence Cyberoam will attach same policies to all
the imported Groups i.e. common policies across the imported groups.

Do not enable “Attach to all the Groups” for the policy if you want to specify:
• different policy for all the groups
• specific policy to all the groups
• specific policy to a specific group

For example if you want to specify different Internet Access policy to different groups, do not
enable “Attach to all the Groups”

4
How To - Implement Single Sign On Authentication with Active Directory

Step 5: If you have disabled “Attach to all the Groups”, specify policies to be applied to each group

Step 6: View Results page displays successful message if groups are imported and policies are
successfully attached else appropriate error message will be displayed.

5
How To - Implement Single Sign On Authentication with Active Directory

All the imported groups are appended at the end of the list on the Manage Group page.

6
How To - Implement Single Sign On Authentication with Active Directory

If user is the member of multiple AD groups, Cyberoam will decide the user group based on the
order of the groups defined in Cyberoam. Cyberoam searches Group ordered list from top to
bottom to determine the user group membership. The first group that matches is considered as the
group of the user and that group policies are applied to the user.

Re-ordering of groups to change the membership preference is possible using Wizard.

Document Version: 2.0-14/05/2008

Вам также может понравиться