Configuring user access – HP Identity Driven Manager Software Licenses User Manual
Page 112
3-48
Using Identity Driven Manager
Configuring User Access
Configuring User Access
The process of configuring User access to network resources using IDM is simplified
through IDM’s ability to learn User information from the Active Directory or
RADIUS server, and the use of Access Policy Groups.
If Active Directory synchronization is enabled, IDM creates an Access Policy Group
for each Active Directory group selected in User Directory Settings preferences and
adds the users assigned to the Active Directory group to that Access Policy Group
in IDM. Users are assigned to Access Policy Groups based on the rules explained in
Using Active Directory Synchronization (see page 2-42).
If you do not use Active Directory synchronization, once you have configured the
Access Policy Groups, you simply assign users to an APG. The next time the user
attempts to log in to the network, IDM uses the rules in the user’s Access Policy
Group to dynamically configure the edge switch to provide the appropriate access to
the network.
Click the Users tab on the Access Policy Group or Domain window to display the
list of users. (See “Domain Users tab” on page
The Users list identifies every defined user and contains the following information
for each user:
Table 3-10. Users list parameters
Column
Displays...
*
Whether the user is currently logged in:
User is logged in.
User is logged out.
The button is greyed out if session accounting is disabled.
Name
Users full name as defined in Active Directory.
Last Login Attempt
Date and time the user last attempted to log in, regardless if the login
failed or succeeded
Auth ID
Identifier used by user to access the network
This will be the user machine's MAC address if MAC authentication is
used for network access. It will be the user's Active Directory login
account name if 802.1x authentication is used for network access.
Device
Device name associated to user
Access Policy Group Access policy group to which the user is assigned
Phone
User’s phone number
User’s email
Owner
Active Directory login account name of the user identified by Auth ID