Add a Trusted User Group

A trusted user group restricts access to an agent that is enabled for trusted realm authentication. When you create a trusted user group and enable associated agents, only members of the trusted user group can access those authentication agents.

Adding a trusted user group ensures that only users who have a business need to access the resources protected by the agent are allowed to authenticate. For example, by creating a trusted user group for human resource workers, you can limit access to personnel records to those in the group.

Before you begin

Procedure

  1. In the Security Console, click Administration > Trusted Realms > Trusted User Groups > Add New.

  2. In the Trusted User Group Name field, enter a unique name for the trusted user group.

    The trusted user group name must not exceed 255 characters.

  3. From the Security Domain drop-down menu, select the security domain where the policies for this trusted user group are managed.

    Only administrators whose administrative scope includes the security domain you select can manage the trusted user group.

  4. Click Save.

View Trusted User Groups Allowed to Authenticate on Specific Agents

You can specify which trusted user groups are allowed to authenticate on a specific agent. Use this procedure to view the trusted user groups that are allowed to authenticate on a selected agent.

Procedure

  1. On the Security Console, click Access > Authentication Agents > Manage Existing.

  2. Use the search fields to search for the agent that you want to view.

  3. From the search results, click the agent that you want to view.

  4. From the context menu, click Trusted User Groups with Access.

Edit a Trusted User Group

Edit a trusted user group to make changes to the name or security domain of the group.

Procedure

  1. In the Security Console, click Administration > Trusted Realms > Trusted User Groups > Manage Existing.

  2. Use the search fields to find the trusted user group that you want to edit.

  3. From the search results, click the trusted user group that you want to edit.

  4. From the context menu, click Edit.

  5. Make any necessary changes to the trusted user group record.

  6. Click Save.

Set Restricted Access Times for Trusted User Groups

Restricted access times control when members of a trusted user group can authenticate through associated authentication agents. By default, no restricted access times are assigned to trusted user groups.

Procedure

  1. In the Security Console, click Administration > Trusted Realms > Trusted User Groups > Manage Existing.

  2. Use the search fields to find the user group you want to restrict.

  3. From the search results, click the user group you want to restrict.

  4. From the context menu, click Restricted Access Times.

  5. (Optional) From the Access Time Templates drop-down list, select a template. Templates are predefined access times that can be assigned to a user group.

  6. (Optional) From the Access Times drop-down menu, select the time zone where the user group you want to restrict is located. This allows you to set restrictions based on the time in the user group members' time zone.

  7. Use the Access Times boxes to select access time restrictions.

    • Click the time you want the available access time to begin, press SHIFT, and click on the time you want available access to end. This selects a range of hours. The available access time is the highlighted area. The times that are not highlighted are restricted.

    • To select multiple, non-consecutive hours, press CTRL, and click the appropriate hours.

    • To deselect a selected hour, press CTRL, and click on the selected hour.

  8. Click Save.

Delete a Trusted User Group

Delete a trusted user group to revoke a user group’s access privileges on a trusted realm.

Procedure

  1. In the Security Console, click Administration > Trusted Realms > Trusted User Groups > Manage Existing.

  2. Use the search fields to find the trusted user group you want to delete.

  3. From the search results, click the trusted user group you want to delete.

  4. From the context menu, click Delete.

  5. Click OK.

Grant a Trusted User Group Access to Agents

You can select which authentication agents a trusted user group has permission to access.

Procedure

  1. In the Security Console, click Administration > Trusted Realms > Trusted User Groups > Manage Existing.

  2. Use the search fields to find the trusted user group that you want to grant access to an agent.

  3. From the search results, click the trusted user group that you want to grant access to an agent.

  4. From the context menu, click Grant Access to More.

  5. Select the checkbox next to the agent that you want the user group to access.

  6. Click the agent name, and select Grant Trusted User Group Access to Agent.