Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 600 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Sophos Connect AD Groups

Mathias Reitinger

Hi all,

i`m trying to use AD Groups for the authentication of Sophos Connect Users.

Can someone confirm that this new feature is working?

Mathias



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Sophos Connect Client supports AD users and groups, and it works perfectly. Did you notice any issue with it? 

    Thanks,

  • 0 in reply to FormerMember

    Hi Patel,

    i have 2 AD groups

    Group OTP (User in this group need OTP Token)

    Group VPN (User have VPN Access)

    User A is member of both Groups, and when i try to authenticate a get an error. The User is only in the OTP Group.

    This is a completely different behavior to UTM or any other system where i use AD authentication.

    Regards,

    Mathias

  • 0 in reply to Mathias Reitinger

    In XG, there is something called "Primary group". This group is the group, shown in the webadmin. XG fetches all groups in the background, but some modules are not capable of using the fetched groups and only rely on the primary group. Sophos Connect IPsec is one of those modules. It can only grant access to the group, seen on the XG. 

    You can restrict the access to the network with user based rules in the firewall, if you like. 

Reply
  • 0 in reply to Mathias Reitinger

    In XG, there is something called "Primary group". This group is the group, shown in the webadmin. XG fetches all groups in the background, but some modules are not capable of using the fetched groups and only rely on the primary group. Sophos Connect IPsec is one of those modules. It can only grant access to the group, seen on the XG. 

    You can restrict the access to the network with user based rules in the firewall, if you like. 

Children
No Data