Set up a People Group

Set up a people group to make it easier to manage the people accessing your secure network.

Using a People Group, you can configure the User onboarding options, including Profile name, Conductor, and Airwall Gateways and resources these people have access to.

Note: If you are combining people groups with a third party authentication service such as LDAP or OIDC, you manage permissions in that service with group membership.

What you can do with People groups:

  • Manage trust – You can assign trust dynamically to a people group using tags and a smart device group, or use the tag applied toAirwall Agents and Servers used by people in the group to easily find devices to add to a device group directly.
  • Onboard users – You can use the User onboarding tab to send Airwall Invitations to people in the group and as they're added to the group. (You can also send invitations from the Airwalls page to the people currently in the people group).
  • Set Overlay network permissions – Use the people to set overlay network editors and viewers.
  • Set groups to get alerts – Send event monitor alerts to a people group.
  • Manage groups coming in from a third-party OIDC authentication provider – Create people groups in the Conductor that exactly match the groups on your authentication provider to automatically add members of the group in the authentication provider to the group in the Conductor.
For more information on the types of users, see Understand People Roles and Permissions or Understand People Roles (v2.2.13 and earlier).
  1. In Conductor, go to People, and open the People groups tab.
  2. Select New People Group.
  3. On the Properties tab: Set a name for this people group and add a description or tags, if desired.
    Setting up a group for Third-party authentication: If you are managing people groups with a third-party authentication service, make sure the name matches your group on that service. Then, when you add people on that service, they are included in the people group when they log in.
  4. If you are using a Third-party Authentication service, skip this step. On the People tab: Select the people you want to be a member of this group.
    People group people tab
  5. If you are using this group to onboard users, open the User onboarding tab, and check Provide an activation code for each member of <groupname>. Then, under Configuration, set up how to onboard the users added to this group:
    Set People group User Onboarding General tab
    1. On the General tab:
      • Profile name – Set the name of the profile created on the Airwall Agent or Server for the user.
      • Conductor hostname or IP – Enter the Conductor hostname or IP.
      • Send onboarding email to users – Check to send new users of the group a notice that they have an activation code to connect.
    2. On the Airwall tab:
      • Generated Airwall name – Set the name to assign to the Airwall Agent or Server in the Conductor when the user activates it. The default value sets it to the Airwall Agent or Server type. See the help when you select this box to see other options for autogenerating names.
      • Overlay device IP network (CIDR) – (Optional) The network from which to assign IP addresses to devices as the connect.
        Note: If you use the same IP network in subsequent Invitations, IP addresses will keep incrementing. For instance, if you send out one Invitation starting at 192.168.1.15 with 10 emails and then another with the same IP with 10 emails they all just get a free IP from the network as they come online.
      • Tags – Create or assign tags to people’s devices as they connect. For example, if you’re using tags to create Smart Device Groups that add people’s devices to the right overlays, enter these tags now.

      People group User onboarding Airwall tab

    3. On the Groups tab, you can add the devices people are using to connect to overlays and groups to automatically give them access to resources as they connect:
      • Overlay networks – (Optional) The Overlay networks to add people's devices to.
      • Device groups – Select the Device groups to add people's devices to.
      • Airwall groups – Select the Airwall groups to add people's devices to. For example, you might assign this group to the Employee, Admin, or Vendor group.

      People group User onboarding Groups tab

  6. If this People group is using user authentication:
    1. If you want to grant or block access for this group at particular times, set up Access windows for the group. For more details, see Set Times Authenticated Users can Access the Secure Network.

      People group Airwall agent authentication tab

    2. If you want to manage trust for the people group using tags, underAuthentication tags, enter the tags you want to use to manage trust.
      Note: These tags are applied to the Airwall Agent or Server when people in this group log in to authenticate their session. Tags are removed when the remote session ends. Combined with smart device groups, you can use these tags to dynamically create trust.
  7. Select Create.