A user is an individual who needs access to resources on your network, and a group is a collection of users. After you’ve created users or groups on the appliance, you can reference them in an access control rule to permit or deny access to resources.
Users and groups can be stored on an external authentication server or on the appliance in a local user authentication repository. When you use an external authentication server, such as LDAP or Microsoft Active Directory, you create references to existing users or groups stored on that server. These users or groups, as well as local users and groups, are referenced in access control rules to control authorization. You can even query the external directory (looking for users who share certain attributes, for example) and use the results to create a group to use in an access control rule. Relying on the external directory is useful when you do not want to create and manage users directly on the appliance.
Creating local users and groups on the appliance is useful when external users need access to a set of internal company resources, such as a reseller who needs access to a special order status page on an internal system. For deployments without an existing company-wide directory server in place, the local user authentication repository allows group-based policy without the need to install, configure, and maintain another server.
You can define a user or group before referencing it in an access control rule; alternatively, you can define a new user or group directly from the access control rule interface.