Allow a User Group to Authenticate on an AgentAllow a User Group to Authenticate on an Agent

Use the following procedure to allow a user group to authenticate on a restricted agent or to enable the use of logon aliases on a restricted or unrestricted agent.

Restricted agents process authentication requests only from users who are members of user groups that have been granted access to the restricted agent. Users who are not members of an associated user group cannot use the restricted agent to authenticate.

Using restricted agents increases your control over who can authenticate to a resource. However, using restricted agents also increases your administrative overhead because administrators must explicitly associate user groups with the agents.

To authenticate on a restricted or unrestricted agent with a logon alias, a user must belong to a user group that is associated with the logon alias and that is enabled for authentication on the agent.

Procedure

1. In the Security Console, click Access > Authentication Agents > Manage Existing.

2. Click the Restricted or Unrestricted tab.

3. Use the search fields to find the agents to which you want to grant access or enable logon aliases.

4. Select the checkbox next to the agents to which you want to grant access or enable logon aliases.

5. Do one of the following:

   • For restricted agents, select Grant Access to User Groups from the Action menu, and click Go.

   • For unrestricted agents, select Enable Logon Aliases from the Action menu, and click Go.

6. Use the search fields to find the user groups to which you want to grant access or enable logon aliases.

7. Select the checkbox next to the user groups to which you want to grant agent access or enable logon aliases.

8. Do one of the following:

   • For restricted agents, click Grant Access to User Groups.

   • For unrestricted agents, click Enable Aliases Associated with User Groups.