Client Authentication Agent causes user's group to reset to "Open Group" on login.

Question

I have a number of users divided into different groups with different access and time limitations. I've found that whenever a user logs in using CAA on Windows, their group changes back to the "Open Group". 
 All the users in question are authenticated via LDAP and the Open group is the default group. However, that seems like it should only apply to their first login. After their account is created in XG, the assigned group should stay and not be reset during an authentication action.

TroyCarpenter · Accepted Answer

Thanks. Following the KB article, I didn't get the import option with my LDAP server. However, after doing some thinking of what the KB article was talking about, I did come across the answer. 
 It turns out the default lookup field for the group is "gid", but my user records on the server didn't have that attribute (nor did the schema for my users include it). Instead I re-purposed another field that wasn't being used (employeeType). Once I changed the LDAP entry in XG to use that for the group, and put the name of the group I wanted into that attribute in the user record, the next time the user authenticated by any method, their group changed as expected.

Aditya Patel · Answer

Hi Troy , 
 When you configure the LDAP server on XG with successful test, connection You would need to import the Groups first as indicated on the left of your LDAP server list. Refer article https://community.sophos.com/kb/en-us/123158 for your reference. 
 After the Groups are being Imported , The Open Group would be at the top most position . We would need you to reorder the Group and Assign the Open Group at the bottom of the imported Groups . 
 This should resolve your issue. 
 Thanks and Regards 
 Aditya Patel | Network and Security Engineer.