Define User Groups That Correspond To Role-based Groups In LDAP

Define User Groups That Correspond To Role-based Groups In LDAP

Overview

Creating User Groups based on LDAP users or Groups and enabling SSO authentication for that user.

Prerequisites

Integrate LDAP server with SafeSquid. If not see our document - Integrate Active Directory for SSO Authentication

Access The SafeSquid User Interface

Go to Configure Page

Go to Configure Page Section to define User Groups That Correspond To Role-based Groups In LDAP

Go to Application Setup

Go to Application Setup to define User Groups That Correspond To Role-based Groups In LDAP

Go to Access Restrictions

Go to Access Restrictions to define User Groups That Correspond To Role-based Groups In LDAP

Enable SSO Authentication

How to Enable SSO Authentication

Go to Allow list

Go to Allow list section

Change the order of Default entries

See the working of each default Entry here
How to Change the order of Default entries by clicking move down icon

Add LDAP users

Edit Policies to add LDAP users 
Edit Policies to add LDAP users 2 Enabled True option
Edit Policies to add LDAP users - add comment
If your LDAP server is not integrated then you will not see any users list in the drop-down menu
Edit Policies to add LDAP users - select LDAP User or Group
Edit Policies to add LDAP users - PAM Authentication
Edit Policies to add LDAP users - select Access option 
The config value in Access represents the SafeSquid Interface access
Edit Policies to add LDAP users - Remove Access option
Edit Policies to add LDAP users - Select Access option
Edit Policies to add LDAP users - Add Usergroup
Edit Policies to add LDAP users - Save policy

Creating Multiple User Groups

You can also create the new entry at the bottom, but again you want to re order the entries. So, clone is the better way to add new user groups.
Clone Entry to add more entry for more user or group
Edit policies to add new user groups -
Edit comment
Select LDAP User or Group
PAM Authentication for user 
Create New user Group or select existing user group
Modify Entry in allow list to define user group that correspond to role based groups in LDAP

Adding Administrators in ADMINS entry

Adding Administrators in ADMINS entry
Here you should Add the logged in user with his Username and Password.
Example:
Now, I am accessing my SafeSquid interface from my Active Directory server with the following details
User: Administrator@safeSquid.test
Password: sarva@12345
Then I will add this user in the ADMINS entry. 
View Administrator from LDAP server in LDAP profile
Select PAM authentication for Administrator from LDAP server in LDAP profile as true
Save policy for with PAM authentication for Administrator from LDAP server in LDAP profile as true
After saving policy for with PAM authentication for Administrator from LDAP server in LDAP profile as true can be view in allow list

Check the Entry for General Users

Check entry for general users in allow list
Testing User Authentication
To view User Authentication click on reports
To view User Authentication click on detailed log
Authenticated user can be seen in detailed log section
Click on statistics to view list of Authentication Failures
Check for Authentication Failures
Check for user list of Authentication Failures
Save Configuration
When you click on Save config, it will give you a prompt for asking the confirmation to store your configuration into the cloud. 
Select Yes only in below cases:
1) if you want to use this same configuration in other SafeSquid instances.
2) if your total configuration in all sections is completed and validated. 
Otherwise select No and click on submit 
Save configuration of policy that define user or user group    




    • Related Articles

    • Create User Groups based on network IP and LDAP (Active directory)

      Overview SafeSquid's Access Restriction section provides you an option to divide your users into specific user groups and use that user groups to define different set of Access Rules to that specific user groups. You want to define an access ...

    • Define User Groups that include or exclude users based on their Network IP

      Overview Creating User Groups based on their network IP Prerequisites Note: Avoid Locking Yourself to SafeSquid Interface When You Are Configuring Policies in Access Restrictions Access The SafeSquid User Interface Go to Configure Page Go to ...

    • IP based authentication

      Overview Almost all the proxy applications restrict access based on the IP address. Most of the organizations network administrator would always prefer to block access to a specific address or range of addresses that he/she suspect belong to ...

    • Access The SafeSquid User Interface

      Overview SafeSquid Proxy Service has a browser based intrinsic WebGUI, that allows users to configure, and manage its various features. To access the Interface, you must configure your web-browser to use the SafeSquid® proxy server. You should be ...

    • Generate Performance Plot From SafeSquid User Interface

      Overview This article helps you to understand, how to generate Performance plot from SafeSquid User Interface Access The SafeSquid User Interface click on Support, you will see below page Generate Performance Plot Save the Plot