
Authentication with Active Directory Users

Hey together, 

A short follow-up to my questions regarding the AD sync issues. The original thread MR3 was closed.

So I checked the behaviour at our XG once again, now with MR3. I can add a user in our AD group and I'm able to connect to the SSL VPN. After that I removed the user from the group and tried to reconnect.

It was also possible. I checked the Users Group, it was now "Open Group" as mentioned from 

Checked the assigned remote access of "Open Group" --> no policy applied. So I checked the user configuration, where the VPN configuration of the AD group was still applied. That's nuts?

Next try, I set up a new default group where all settings are denied or not set. Not able to connect to SSL VPN but still able to log in at the user portal. If I remove a user from their corresponding AD groups, there shouldn't be any further access to the systems.

What am I missing? Any ideas?

Regards and thanks in advance,

Jonny



This thread was automatically locked due to age.
  • Thanks for your explanation. 

    A) I understand that a user is able to access the user portal as long as he exists. But why? If I understand it correctly, I have technically no chance to lock out a user from XG per group assignment until I delete him? A hard-coded default group with "Deny all" would be great, or just an "active" checkbox?

    B) What exactly do you mean by " is the user is removed from the configuration"? Also delete him from the XG?

    C) Can you please give me a best practice for how to set up the XG so that I'm able to control which user is allowed to connect with SSL VPN per AD group assignment, and also so that if I remove the user from the AD group, the user is not able to connect? Without any further configuration by hand. That would be awesome.

  • Sorry that I'm asking again, but is it possible to disable a user completely by AD groups or not? In my opinion this is a really important security feature. I'm wondering why nobody else cares about this.