v2.0, May 2007
Chapter 4
Setting Up User and Group Access Policies
This chapter describes how to define users and groups and how to configure SSL VPN
Concentrator access policies and bookmarks for the users and groups. This chapter includes the
following topics:
• Determine Your Requirements
• Users, Groups and Global Policies
• Global Policies
• Groups Configuration
• Users Configuration
• Using Network Resource Objects to Simplify Policies
Determine Your Requirements
The ProSafe SSL VPN Concentrator 25 provides an extremely flexible and granular architecture
for managing users and groups. Depending on your requirements, you can implement a simple or
complex policy structure. Some general guidelines are:
• If you have a small number of users, all with the same privileges, and no central authentication
server, you can just add your users to the SSL VPN Concentrator’s local user database, using
the default group and domain.
• If you use a RADIUS, LDAP, NT or Active Directory authentication server, you do not need
to add individual users into the SSL VPN Concentrator unless you wish to define specific
policies or bookmarks per user. Configure groups using the same group names as defined in
your authentication server.
Note: When adding Group/Global policies, if the user is authenticated using an
external repository such as Microsoft NT or RADIUS, then the user name must
be added to the local database. If the user is authenticate by the LDAP
repository, then the user is added to the policy automatically.