beautypg.com

Google Web Security for Enterprise Administration Guide User Manual

Page 48

background image

Admin Page

51

Each of these groups will be discussed in further detail. For either of these group-
based web access controls to function, you must have a Connector installed
within your infrastructure. If the Connector is not installed, all web requests will be
managed by Alert page that is displayed to users within your organization when
web content is blocked by the default policy.

How the web security service Evaluates / Prioritizes Groups

The web security service evaluates groups using a fast, multi-stage selection
process, which accommodates variations in customer infrastructure and the
Connector configuration.

If the Secure Connector has been configured to send internal group details,
then a check will first be made to see if the supplied group name matches any
groups configured within the web security service. If such a match exists, the
matched group will be selected.

If the group name is absent or unmatched, but user name details are present,
then a further check is made to see if the username has been configured
within an existing group.

If the group is still unmatched, and the internal IP address is present, then a
further attempt is made to match the internal IP address with a group IP
Expression.

If the group is still unmatched, then a further attempt is made to match the
external IP address with a group IP Expression.

Finally, if no match has been made, then the “default” group is selected.

To create or edit a Directory Group:

1.

Click the “Admin” link on the main navigation bar at the top of the screen.

2.

Click the “Groups” button in the “Authentication” sub-service tab in the left
hand column. This will bring up the “Groups” screen.

3.

Click the “Add Directory Group” button at the bottom of the screen. You will
then be presented with a screen in which you can enter in a new “Directory
Group Name”.

4.

Type the name of the group into the provided text field. You must use the
following syntax when specifying a WinNT or Active Directory group:

WinNT://DOMAIN_NAME\GROUP_NAME

WinNT://ACTIVE_DIRECTORY_REALM\GROUP_NAME

5.

The syntax is case insensitive and there may be spaces in the names,
however the names should be spelled exactly as they appear within your
Windows Domain or Active Directory.

6.

To create the new Directory group, click the “Save” button. You will then be
taken back to the main “Manage Groups” page where you will see your new
Directory Group in the Groups list.

See also other documents in the category Google Software: