Groups
Permission Groups
The DrawBridge console uses the model of Permission Groups: a Person record can be a member of a particular Permission Group, and thus gain the abilities allowed by that Permission Group.
For more information, see Essential Concepts: Permissions and Relationships.
People Groups
Proxy User Groups
A Proxy User Group
is a group of People (similar to Device Groups being groups of Devices).
People in the Proxy User Group are users on the local network which are authenticated to the DrawBridge via the DrawBridge Agent software installed on the endpoint.
A Proxy User Group
can have two origins:
- Created either by manually adding People records to a "standalone" Proxy User Group, or,
- An existing
Directory Group
designated as a Proxy User Group.
Create a standalone Proxy User Group by clicking the + button in the upper right corner of the list view. Give the group a name, specify the minimum permissions required to add People to the group, select any Parent Group if applicable, and ensure that Proxy Users is toggled to Yes.
Note that the list view in Proxy User Groups displays both "standalone" Proxy User Groups, as well as all Directory Groups that have been specified as a Proxy User Group; see below.
Directory Groups
A Directory Group
is a group of People that has been synchronized from another server, for example, an Active Directory server.
A Directory Group
can be designated a Proxy User Group by Editing the Directory Group record and toggling the Proxy Users setting to Yes
.
The advantage of designating a particular Directory Group as a Proxy Users Group is that the (Person) members of that group can be managed on the AD Server; no ongoing people membership maintenance is needed in the DrawBridge.
Changes in Directory Group membership made on the AD server are automatically synchronized via the regular AD--DrawBridge sync job.
Implementation Concept Diagram
This diagram illustrates how People Groups can be assigned to an Access Policy via association with a Device Group.
See How To Guides: Assign a Proxy User Group to an Access Policy for further instructions.