Applicable to Version: 10
This article describes how to import Active Directory groups for authentication and how to define policies for the imported groups.
· Active Directory server configured in Cyberoam.
Refer to How To – Implement Single Sign On Authentication with Active Directory if you have not already integrated the AD server with Cyberoam.
Once you have configured and added the AD details, go to Identity --> Authentication --> Authentication Server and click the Import Group(s) link against the AD server from which you want to import AD groups.
Follow the on-screen steps:
Step 2: Specify Base DN. Cyberoam will fetch AD groups from the specified Base DN.
To import users from default AD Container:
Note: - String for Base DN* - cn=user, dc=Cyberoam, dc=local
To import users from custom AD Container:
Note: - String for Base DN* - ou=Internet Groups, dc=Cyberoam, dc=local
If multiple custom containers are created, repeat the entire process for each container.
Step 3: Select the groups that are to be imported into Cyberoam. Use <Ctrl> + Click to select multiple groups. All the groups created in AD are displayed, both those not yet imported and those already imported into Cyberoam. An asterisk (*) beside the group name indicates that the group is already imported into Cyberoam.
Use arrows to move groups across the group lists.
Step 4: Select the policies (Surfing Quota, Access Time, Bandwidth, Internet Access and Data Transfer) and the user authentication timeout to be applied to the group members.
By default, “Attach to all the Groups” is enabled, so Cyberoam attaches the same policies to all the imported groups, i.e. the policies are common across the imported groups.
Do not enable “Attach to all the Groups” for the policy if you want to specify:
· different policy for all the groups
· specific policy to all the groups
· specific policy to a specific group
For example, if you want to specify a different Internet Access policy for different groups, do not enable “Attach to all the Groups”.
Step 5: If you have disabled “Attach to all the Groups”, specify the policies to be applied to each group.
Once you close the Wizard, the Manage Groups page opens. All the imported groups are appended at the end of the list on the Manage Groups page.
If a user is a member of multiple AD groups, Cyberoam decides the user's group based on the order of the groups defined in Cyberoam. Cyberoam searches the ordered group list from top to bottom to determine the user's group membership. The first group that matches is taken as the user's group, and that group's policies are applied to the user.
Re-ordering of groups to change the membership preference is possible using Wizard.
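The first-match rule above means group order decides which policy a multi-group user receives. The following added example (not Cyberoam code, and not part of the original article) models that rule offline so the order can be reviewed before or after an import; the group names, users and ordering are constructed sample data, and case-insensitive name matching is an assumption.

```python
# Added example: models the top-to-bottom, first-match rule described above.
# All group names, users and the ordering are constructed sample data.

def effective_group(ordered_groups, memberships):
    """Return the first group in the ordered list that the user belongs to."""
    member_of = {g.lower() for g in memberships}   # assumption: names compare case-insensitively
    for group in ordered_groups:                   # top to bottom, first match wins
        if group.lower() in member_of:
            return group
    return None                                    # user is in no imported group


def audit_order(ordered_groups, users):
    """Find users whose policy depends on group order, and groups no user ends up in."""
    order_dependent = {}
    applied = set()
    for user, memberships in users.items():
        member_of = {m.lower() for m in memberships}
        matches = [g for g in ordered_groups if g.lower() in member_of]
        if matches:
            applied.add(matches[0])
        if len(matches) > 1:
            # matches[0] is applied; the remaining groups' policies are ignored
            order_dependent[user] = {"applied": matches[0], "ignored": matches[1:]}
    # Groups never selected for any user in the data set (shadowed or empty)
    never_applied = [g for g in ordered_groups if g not in applied]
    return order_dependent, never_applied


# Constructed sample: order as listed on the Manage Groups page, top first.
GROUP_ORDER = ["Internet Full Access", "Staff", "Contractors Restricted"]
USERS = {
    "alice": ["Staff"],
    "bob": ["Contractors Restricted", "Internet Full Access"],
    "carol": ["staff", "Contractors Restricted"],
    "dave": ["Domain Users"],
}

if __name__ == "__main__":
    dependent, never_applied = audit_order(GROUP_ORDER, USERS)
    for user, info in dependent.items():
        print(f"{user}: applied={info['applied']} ignored={info['ignored']}")
    print("groups never applied to any user:", never_applied)
```

In this sample the restrictive group sits at the bottom of the list, so none of its members actually receive its policies; moving it above the broader groups changes the result.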
Document Version: 1.0-05/05/2010