Chapter 4 Setting Up User and Group Access Policies
This chapter describes how to define users and groups and how to configure SSL VPN Concentrator access policies and bookmarks for the users and groups. This chapter includes the following topics:
•Determine Your Requirements
•Users, Groups and Global Policies
•Global Policies
•Groups Configuration
•Users Configuration
•Using Network Resource Objects to Simplify Policies
Determine Your Requirements
The ProSafe SSL VPN Concentrator 25 provides an extremely flexible and granular architecture for managing users and groups. Depending on your requirements, you can implement a simple or complex policy structure. Some general guidelines are:
•If you have a small number of users, all with the same privileges, and no central authentication server, you can just add your users to the SSL VPN Concentrator’s local user database, using the default group and domain.
•If you use a RADIUS, LDAP, NT or Active Directory authentication server, you do not need to add individual users into the SSL VPN Concentrator unless you wish to define specific policies or bookmarks per user. Configure groups using the same group names as defined in your authentication server.
Note: When adding Group/Global policies, if the user is authenticated using an 
external repository such as Microsoft NT or RADIUS, then the user name must
be added to the local database. If the user is authenticate by the LDAP repository, then the user is added to the policy automatically.
