NetScaler MAS allows you to extract the group of users existing on the external authentication server, and assign them permissions as their role demands and as per the NetScaler definitions. This has two advantages:
1. You do not have to create users on NetScaler MAS. Although the groups are extracted into the NetScaler MAS server, they are managed on the external servers rather than being added on the system.
2. NetScaler MAS authorizes users by assigning group permissions to access specific load balancer virtual servers and specific applications on the system. If the authentication server is later removed from the system, its groups and users will be automatically removed from the system.
To create a group in NetScaler MAS:
1. In NetScaler MAS, navigate to System > User Administration > Groups.
2. Click Add to create a group.
3. On the Create System Group page, type the name of the group and set its permissions to either admin or readonly. You can also configure a session timeout, which limits the length of sessions for users of that group, and select the VM instances that the group members can access.
Make sure that the name of the user group created on NetScaler MAS is exactly the same as the name of the group created on the external authentication server. If it is not, the system will not recognize the group and the group members will not be extracted into the system.
4. On the next screen, you can grant permissions to a particular NetScaler instance. This allows the users to access only that virtual appliance. However, the users can still create a new NetScaler instance in the system and manage that instance.
When you finish creating a group in the system, all the users in the external authentication server are extracted into the system. You can check this by selecting the group and clicking Edit. The Users table in Create System Group displays the list of users connected with the group.
If the group name matches the group name on the external authentication server, the user inherits all of the authorization definitions when logged on to the system.
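Because a group whose name does not match exactly is silently not recognized, it is worth auditing the names before relying on them. The following is an added example, not Citrix code: it compares a list of NetScaler MAS group names against the group names on the external server and separates exact matches from near misses. The group names are constructed sample data, and treating "exactly the same" as a case- and whitespace-sensitive comparison is an assumption.

```python
import unicodedata


def _fold(name):
    # Normalise Unicode form, trim and collapse whitespace, ignore case.
    return " ".join(unicodedata.normalize("NFKC", name).split()).casefold()


def audit_group_names(mas_groups, directory_groups):
    """Classify each MAS group name against the external server's group names.

    Returns {mas_name: (status, candidates)} where status is:
      "match"     - identical string exists on the external server
      "near-miss" - differs only by case, whitespace or Unicode form
      "missing"   - nothing comparable exists on the external server
    """
    exact = set(directory_groups)
    folded = {}
    for group in directory_groups:
        folded.setdefault(_fold(group), []).append(group)

    report = {}
    for name in mas_groups:
        if name in exact:
            report[name] = ("match", [name])
        elif _fold(name) in folded:
            report[name] = ("near-miss", sorted(folded[_fold(name)]))
        else:
            report[name] = ("missing", [])
    return report


# Constructed sample data (assumption): names typed into Create System Group
# and names exported from the external authentication server.
MAS_GROUPS = ["NetOps-Admins", "helpdesk-readonly", "App Owners ", "Contractors"]
DIRECTORY_GROUPS = ["NetOps-Admins", "Helpdesk-ReadOnly", "App Owners", "Domain Users"]

if __name__ == "__main__":
    results = audit_group_names(MAS_GROUPS, DIRECTORY_GROUPS)
    for name, (status, candidates) in results.items():
        print(f"{name!r:24} {status:10} {candidates}")
```

A near-miss entry is the case to fix first: the group exists on both sides, but its members would not be extracted until the name on NetScaler MAS is corrected.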