When you create an access control rule, you specify the users and groups to which the rule applies. You must add users before you can specify them in access control rules. Users can be added manually or by using the Active Directory or LDAP directory. To use a directory, click Browse to search the directory. See Adding Users or Groups by Searching a Directory for more information.
To add a user manually
In the AMC, navigate to Security Administration > Users & Groups.
Select the Mapped Accounts tab.
Click the + (New) icon.
Select Manual entry from the dropdown menu.
In the User type, select the type of account to add: Group (default) or User.
If you selected Group, in the Group name field type the group name exactly as it appears in the external repository. (Group names are case-sensitive.) The name depends on the type of directory to which you are mapping:
Directory type | What to type |
LDAP | Type a distinguished name (DN). For example: |
Active Directory | Type a common name (CN) or distinguished name (DN). A CN is easier to enter than a DN (for example, you can type but the CN is not guaranteed to be a unique match. When in doubt, it’s best to use a DN. |
RADIUS | Type a group name. For example, Sales. |
When you specify an Active Directory or LDAP group, its sub-groups (if any) are also included. The number of nesting levels that you want to include when evaluating group membership is configured when you set up an authentication server; see Configuring LDAP with Username and Password and Configuring Active Directory with Username and Password for more information.
When you use an external directory for authentication and add a user group in AMC, you are not actually grouping users. You are merely adding the name of a user group that is defined in your external user repository.
The appliance also supports local users and groups. See Managing Local User Accounts.
If you selected User, for the User name, type the user name exactly as it appears in the external repository. User names are case-sensitive; the following table explains the syntax used to define users.
Directory type | What to enter |
Active Directory or RADIUS | Type a user name. For example, jsmith. |
LDAP | Type a distinguished name (DN). For example: |
(Optional) In the Display name field, type the name to display in AMC pages to identify the group or user.
(Optional) In the Description field, type a descriptive comment about the group or user.
Click Save or Save and Add Another.
If you enter the name incorrectly, the user will not be authorized to access any resources.
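Because a mistyped or ambiguous name leaves the account without access, it helps to check a name against a directory export before entering it. The following is an added example, not code from the appliance or its vendor: it flags the non-unique CN and case-mismatch conditions described above. The DIRECTORY entries are constructed sample DNs, and the exact-string comparison is an assumption based on the "exactly as it appears" requirement, not the appliance's own matching logic.

```python
# Added example: pre-check a group name before typing it into a mapped account.
# DIRECTORY is constructed sample data standing in for an export of group DNs.
DIRECTORY = [
    "CN=Sales,OU=Groups,DC=example,DC=com",
    "CN=Sales,OU=EMEA,OU=Groups,DC=example,DC=com",
    "CN=Engineering,OU=Groups,DC=example,DC=com",
]

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, keeping backslash-escaped commas."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # escaped character stays in the value
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    return [tuple(p.strip().split("=", 1)) for p in parts]

def leading_cn(dn):
    """Return the CN of the entry itself (first RDN), or None if it is not a CN."""
    attr, value = split_dn(dn)[0]
    return value if attr.upper() == "CN" else None

def check_name(entered, directory=DIRECTORY):
    """Return (status, matching DNs) for a CN or DN exactly as it would be typed."""
    if "=" in entered:                  # contains an RDN, so treat it as a DN
        key = lambda d: d
    else:                               # bare name, so treat it as a CN
        key = lambda d: leading_cn(d) or ""
    exact = [d for d in directory if key(d) == entered]
    if len(exact) == 1:
        return "ok", exact
    if len(exact) > 1:
        return "ambiguous-cn", exact    # CN matches several entries: use a DN
    near = [d for d in directory if key(d).lower() == entered.lower()]
    return ("case-mismatch" if near else "not-found"), near

if __name__ == "__main__":
    for name in ("Sales", "Engineering", "sales", "Marketing"):
        print(name, "->", check_name(name))
```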