beautypg.com

Configuring user access – HP Identity Driven Manager Software Series User Manual

Page 112

background image

3-48

Using Identity Driven Manager
Configuring User Access

Configuring User Access

The process of configuring User access to network resources using IDM is simplified
through IDM’s ability to learn User information from the Active Directory or
RADIUS server, and the use of Access Policy Groups.

If Active Directory synchronization is enabled, IDM creates an Access Policy Group
for each Active Directory group selected in User Directory Settings preferences and
adds the users assigned to the Active Directory group to that Access Policy Group
in IDM. Users are assigned to Access Policy Groups based on the rules explained in
Using Active Directory Synchronization (see page 2-42).

If you do not use Active Directory synchronization, once you have configured the
Access Policy Groups, you simply assign users to an APG. The next time the user
attempts to log in to the network, IDM uses the rules in the user’s Access Policy
Group to dynamically configure the edge switch to provide the appropriate access to
the network.

Click the Users tab on the Access Policy Group or Domain window to display the
list of users. (See “Domain Users tab” on page

14.)

The Users list identifies every defined user and contains the following information
for each user:

Table 3-10. Users list parameters

Column

Displays...

*

Whether the user is currently logged in:

User is logged in.

User is logged out.
The button is greyed out if session accounting is disabled.

Name

Users full name as defined in Active Directory.

Last Login Attempt

Date and time the user last attempted to log in, regardless if the login
failed or succeeded

Auth ID

Identifier used by user to access the network
This will be the user machine's MAC address if MAC authentication is
used for network access. It will be the user's Active Directory login
account name if 802.1x authentication is used for network access.

Device

Device name associated to user

Access Policy Group Access policy group to which the user is assigned

Phone

User’s phone number

Email

User’s email

Owner

Active Directory login account name of the user identified by Auth ID