07-24-2019 09:05 AM
Is it possible to create either an Identity or Access Policy scoped to a group of AD computer objects? We currently restrict a group of workstations by adding their IPs to an identity. This is cumbersome, as the IPs need to be reserved ahead of time and explicitly added to the WSA identity. It would be much easier if we could associate it to an AD group where we could delegate some permission to modifying that group as access needs to be restricted. Thoughts?
Thanks,
Tim
07-24-2019 08:42 PM
Dear Tim,
Please find my inputs below -
1. Active directory can be integrated with WSA. Steps to integrate are given in the user guide -
2. Once the AD is integrated, WSA can pull group information from WSA, these groups can be leveraged in the access policies to apply restrictions.
3. Click on the group hyperlink and WSA will display the group information.
Regards,
Ashish Varghese
*** Rate All Helpful Responses ***
07-24-2019 08:44 PM
Hello Tim,
you can put all these computers in a group on AD and call the group or individual usernames in the access/decryption policies, whenever these systems try to go out the network on 80/443 the wsa will be able to match the policies you set for them.
Regards
Shikha Grover
PS: Please don't forget to rate and select as validated answer if this answered your question
07-25-2019 07:12 AM
I have tried that in the past and it doesn't seem to work. To be clear, I'm talking about adding Computer objects to the group, not user objects. The WSA only seems to be able to look at the logged in user. The computer name never shows up anywhere in the logs. Are you sure the WSA has this capability? User identification has always worked as expected via Kerberos.
07-25-2019 07:45 AM
07-25-2019 08:22 AM
Thanks Ken,
Confirms what I'm seeing and means that the WSA cannot do what I had hoped. I would think others may benefit from that feature so maybe an enhancement down the road?
Tim
07-26-2019 06:02 AM
Tim,
you are right, I was talking about user objects. Let me check if I can file an FR for you.
Regards
Shikha Grover
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide