On the Definitions & Users > Users & Groups > Groups page you can add user groups to Sophos UTM. In its factory default configuration, Sophos UTM has one user group called SuperAdmins. If you want to assign administrative privileges to users, that is, granting access to WebAdmin, add them to the group of SuperAdmins; this group should not be deleted.
Tip – When you click on a group definition in the Groups list, you can see all configuration options in which the group definition is used.
To add a user group, proceed as follows:
On the Groups tab, click New Group.
The Add Group dialog box opens.
Make the following settings:
Group name: Enter a descriptive name for this group. Note that this name does not need to correspond to the names of your backend groups.
Group type: Select the type of the group. You can choose between a group of static members and two group types promoting dynamic membership.
Backend membership: Users are dynamically added to a group definition if they have been successfully authenticated by one of the supported authentication mechanisms. To proceed, select the appropriate backend authentication type:
Limit to backend group(s) membership (optional; only with backend groups Active Directory or eDirectory): For all X.500-based directory services you can restrict the membership to various groups present on your backend server if you do not want all users of the selected backend server to be included in this group definition. The group(s) you enter here once selected this option must match a Common Name as configured on your backend server. Note that if you select this option for an Active Directory backend, you can omit the CN= prefix. If you select this option for an eDirectory backend, you can use the eDirectory browser that lets you conveniently select the eDirectory groups that should be included in this group definition. However, if you do not use the eDirectory browser, make sure to include the CN= prefix when entering eDirectory containers.
Check an LDAP attribute (optional; only with backend group LDAP): If you do not want all users of the selected backend LDAP server to be included in this group definition, you can select this checkbox to restrict the membership to those users matching a certain LDAP attribute present on your backend server. This attribute is then used as an LDAP search filter. For example, you could enter groupMembership as attribute with CN=Sales,O=Example as its value. That way you could include all users belonging to the sales department of your company into the group definition.
Comment (optional): Add a description or other information.
The new user group appears on the Groups list.
To either edit or delete a group, click the corresponding buttons.
|© 2019 Sophos Limited
|Sophos UTM 9.600