Add/Edit User Group Window

Use this ExtremeControl window to add a new user group or edit an existing user group. User groups are rule components that allow you to group together end-users having similar network access requirements or restrictions. You can access the Add/Edit User Group window from the Group Editor or from the user group field in the Add Rule window.

  NOTE: Changes to rule components do not require an enforce. Changes automatically synchronize with the engines on the next status update. Changes do not affect end-systems until the next authentication and/or assessment occurs.

Name
Enter a name for a new user group. You cannot edit the name of a group.
Description
Enter a description of the user group.
Type
Specify the criteria on which the user group is based:
  • Username - a list of usernames which can be based on an exact match or a wild card.
  • LDAP User Group - a list imported from an LDAP Server, organized by Organization Unit (OU), or a custom attribute lookup for any user or MAC address if they match a AAA configuration entry that assigns the request a valid LDAP Configuration.
  • RADIUS User Group - a list of attributes the upstream RADIUS server returns or attributes the RADIUS client sends.
  • OpenID User Group - a custom attribute lookup for the OpenID server. OpenID User Group can be combined with EAP-TTLS and Entra ID authentication, Captive Portal Registration with Entra ID, EAP-TLS with user authentication, and EAP-TLS with computer authentication.

    • memberOf can be used for group membership checks for both users and computers.

    • extensionAttribute1 through extensionAttribute15 can be used for both users and computers.

    • name of Custom Security Attribute can be used for user authentication.

Match Mode
For LDAP, RADIUS, and OpenID user groups, the Match Mode option lets you select whether to match any or match all of the LDAP or RADIUS or OpenID User Group entries (attribute names) listed below.

For LDAP User Groups, you can also select "Exists", since the username can be used to verify this criteria after the initial authentication (i.e., using Registration). The "Exists" mode is not available for RADIUS User Groups because they cannot be verified after an initial registration as the user credentials are not stored on the ExtremeControl engine for re-verification.
Username Entry Editor
Use the buttons to add, edit, or delete entries in the group. Usernames can be an exact match or use wildcards.
Filter
Use the Filter functions to filter for a specific entry based on a numeric value or text.

Related Information

For information on related help topics: