Legacy RADIUS server IPs will be deprecated on Dec 17, 2018. Please see this KB for more info.

Support Center

Getting Started: Groups

Groups of Users and Groups of Systems enable you to perform group-based assignments to resources. User Groups provide your users access to resources. System Groups pool together your systems for policy enforcement and user account provisioning at scale. For User Groups, bind the distinct resources you would like to allow users to access (e.g. applications, LDAP resources, networks and more). For System Groups, bind the User Groups you want to provide bulk-access to, and assign system policies en masse.

Group of Users

To create a Group of Users, individual users should be created first, see Getting Started: Users. When ready to create the user group, go to Groups, select the +, and choose 'Create Group of Users'.  This will present a New User Group side panel:



Here you can define:
  • Group Name:  This is an arbitrary descriptive value for the group's purpose
  • Create Linux group for this user group: (Optional) If enabled, Linux group name and Group GID must be defined. Members of this group will be added to new or existing Linux groups on supported OS's. If the group is bound to LDAP, it will be added to the posixGroup objectClass. 
  • Samba Authentication: (Optional) Enables LDAP Samba Schema, see Enabling Samba with JumpCloud LDAP for more information
Note: Linux group name currently does not support for hyphens at this time.

Next, define the users that should belong to the group.  



After defining the group members, the group can be bound to one or more resources. With all resources, access is implicit deny. In order to grant access, they must be explicitly bound to the resource. The resources a Group of Users can bind to are:
  • A Group of Systems - Binding a Group of Users to a Group of Systems will also be reflected in the Users tab in that Group of Systems.
  • SSO application(s) 
  • RADIUS server(s) 
  • Directories (G Suite, Office 365, JumpCloud LDAP)
It's important to determine a binding scheme that will work according to the organizational needs.  It may be best to create a group to bind to a single type of resource, e.g.; A Group of Users containing developers bound to a Group of Systems containing production infrastructure.

If the use case requires that a specific Group of Users should also have unique access to another resource such as a RADIUS-enabled WAP, then it can make sense to bind the user group to multiple resource types, but doing so could limit the amount of control in the future if access needs to be segregated; removing or adding users to the group would grant or revoke access to all of the resources the group is bound to.
 

Group of Systems

To create a Group of systems, systems should be added first, see Getting Started: Systems. When ready to create the system group, go to Groups, select the +, and choose 'Create Group of Systems'.  This will present a New System Group side panel:



Here you can define:
  • Group Name:  This is an arbitrary descriptive value for the group's purpose
Next, define the systems that should belong to the group.  



After defining the group members, the group can be bound to one or more Group of Users. Access is granted and revoked as defined above with Group of Users, this is only another method to accomplish the task

Binding Groups of Systems to Groups of Users in this view will be reflected in the corresponding group of Users object.


 

Last Updated: Sep 06, 2018 11:46AM MDT

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete