Product Documentation

Configuring Authorization Groups

When you configure an endpoint analysis scan, you can dynamically add users to an authorization group when the user device passes the scan. For example, you create an endpoint analysis scan that checks the user device domain membership. On NetScaler Gateway, create a local group called Domain-Joined Computers and add it as an authorization group for anyone who passes the scan. When users join the group, users inherit the policies associated with the group.

You cannot bind authorization policies globally or to a virtual server. You can use authorization groups to provide a default set of authorization policies when users are not configured to be members of another group on NetScaler Gateway.

To configure an authorization group by using a session policy

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Policies and then click Session.
  2. In the details pane, on the Policies tab, click Add.
  3. In Name, type a name for the policy.
  4. Next to Request Profile, click New.
  5. In Name, type a name for the profile.
  6. On the Security tab, click Advanced Settings.
  7. Under Authorization Groups, click Override Global, select a group from the drop-down list, click Add, click OK and then click Create.
  8. In the Create Session Policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create and then click Close.

After you create the session policy, you can bind it to a user, group, or virtual server.

To configure a global authorization group

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Global Settings.
  2. In the details pane, under Settings, click Change global settings.
  3. On the Security tab, click Advanced Settings.
  4. Under Authorization Group, select a group from the drop-down list, click Add and then click OK twice.

If you want to remove an authorization group either globally or from the session policy, in the Security Settings - Advanced dialog box, select the authorization group from the list and then click Remove.

Configuring Authorization Groups