How Can We Help?
You are here:
Print

Applications & Groups

An administrator can organize applications into Application Groups. Please see the next section for more information on defining Application Groups. In the Create Application screen or the Modify Application screen, click on the Add Application to Application Group link. The Add/Delete Application Group to Application screen appears.

 To add the Application to High Security Application Groups, select the Application Group(s) in the High Security Application Groups table to which this application should belong, and click Add. The selected Application Group(s) move from High Security Application Groups table to the Application Groups table on the opposite side of the screen.

 To add the Application to Basic Security Application Groups, select the Application Group(s) in the Basic Security Application Groups table to which this application should belong, and click Add. The selected Application Group(s) move from Basic Security Application Groups table to the Application Groups table on the opposite side of the screen.

 Click Submit to update the list of selected Application Groups or click Cancel to abort.

 The Application Group name(s) will be listed in the Selected Application Groups list on this application’s Create Application and Modify Application screens.

NB: Subscription to Application Groups is not applied until after you have clicked the Submit button on the Create Application or the Modify Application screen.

APPLICATION GROUPS
Application Groups allow you to organize applications on the basis of function, logistics or any criteria that suits your organization. zGateway Administrator can create two types of Application Groups:

 High Security Application Group

 Basic Security Application Group

The registered applications can be added to multiple Application Groups of any type. The User Groups and Application Groups make it easier to administer access controls. When creating Access Control Lists, the Basic Security User Groups can be assigned only Basic Security Application Groups whereas the High Security User Groups can be assigned both Basic and High Security Application Groups.

CREATE APPLICATION GROUP
 In the management console, click Access Management > Application Groups. To create a new Application Group click Add.

 Type the group name in the Application Group Name field.

 To create a High Security Application Group, click on the check box for High. To create a Basic Security Application Group, leave it empty.

 Click on the Select Applications link to add applications to this group (see the next section Add Applications to Group for more information).

 Click Submit to create the Application group or click Reset to clear all data from this screen.

 A success message confirms that the Application Group has been created.

ADD APPLICATIONS TO GROUP
When creating an Application Group, you can add applications to it using these steps:

 On the Create Application Group screen click on the Select Applications link. The Add/Delete Applications to/from Application Group screen appears.

 Select the applications in the Applications table that you want to apply to this group and click Add. The selected applications move from the Applications table to the Selected Applications table on the opposite side of the screen.

 Click Submit to select the applications for this group, or click Cancel to abort.

 The popup window will close and the name of the applications will appear in the Selected Applications box on the Create Application Group page.

 Click Submit to save changes or click Reset to remove all data from the screen.

NB: Changes to Application Groups are not applied until after you have clicked the Submit button on the Create Application Group or the Modify Application Group screen.

MODIFY APPLICATION GROUP
In the management console, expand Access Management > Application Groups. Select the application you wish to edit and click Modify. The Modify Application Group screen appears.

 To add application(s) to the group, select names from the Applications table and click Add. Added applications will be listed in the Selected Applications table.

 To delete applications from the Application Group, select applications from the Selected Applications table and click Delete. The applications will return to the Applications table on the opposite side of the screen.

 Click Submit to update the list of applications for this group or click Cancel to abort.

DELETE APPLICATION GROUP

 When in the Application Group screen, click on select all Application Groups, click on the Check all.

 Click Delete to delete the selected Application Group(s).

 When prompted for deletion confirmation, click OK to delete the group(s) or click Cancel to abort.

ACCESS CONTROLS

Access Controls manage the availability of services/applications to users in accordance with corporate policies. Access Controls are primarily specified for user groups or user, although in zGateway they can now be based on Device ID and Endpoint Protection also (see Device ID and Endpoint Access Control section). Through zGateway Access Controls, a user group or specific user is assigned one or more Application Groups as needed. Access Filters can be applied for imposing time-restrictions on access to applications.

Access Controls can be created for Native, LDAP/ADS, and RADIUS User Groups or specific user. The Native User Groups include the default User Groups, and all other HS and BS User Groups created by Administrator. Please see the User Group section for more information on User Groups.

The Access Control Lists for BA User Groups, LDAP/ADS User Groups, and DEFAULT_RADIUS_USER_GROUP can include only BA Application Groups. The Access Control Lists of HS User Group can include both BA and HS Application Groups.

When a user logs on, the Access Control Lists specified for the User Groups to which he/she belongs are activated so that the user can have access to permitted applications.

NB: When a High Security User logs on with Certificate and Password, the Access Control Lists specified for the subscribed HS Users Groups are activated. And when he/she logs on with Login ID and Password, the Access Control Lists specified for the subscribed BA User Groups are activated.

CREATE ACCESS CONTROL

In the management console, click Access Management and then choose Access Controls. Click on the Add button.
Give the Access Control a Name and optionally a description.

In the Select Authorization Server dropdown menu choose your Authorization server from which to fetch list of groups.

 Native: Select Native to use zGateway local database groups. You can filter the Native local groups by clicking the radio button for High Security Group and Low Security Group.

The following default groups can be used for authorization when using local database (Native):
 DEFAULT_USER_GROUP: All users and groups
 SYSTEM: All Security Officers and administrators.
 DEFAULT_BA_USER_GROUP: All users authenticating with basic username/password/token.
 Active Directory / LDAP: If you have setup AD / LDAP as an authorization server choose the server from the dropdown menu.

The following default group can be used for authorization when using AD/LDAP server:
 All Groups: All groups exiting on Ad/LDAP server. In this case the application group would be available to any user authorized by AD/LDAP server.

 Radius

The following default group is used for authorization when using RADIUS server:
 DEFAULT_RADIUS_USER_GROUP: All users authenticated and authorized by RADIUS server.

In Access Control Type choose Device ID or Endpoint Protection type policy to create an ACL for restricting the number of devices per user and type of authentication or else choose Application type in order to define which Application Groups the user group has access to.

In the Select User Group box select the User Group you wish to create an access control for from the list and click Add. In the Select Application Group click on the Application Group to which access is required and click Add. The Application Groups already assigned to a User Group are not shown in the list. Only BA Application Groups are shown in the list for BA, AD/LDAP, and RADIUS User Groups.

Click on the Access Filter drop-down arrow and select the access filter you wish to assign for the Application Group in the same row. The users belonging to the selected User Group can now access the applications in the Application Group during the time slot provided by the access filter.
 Click to Enable or Disable ACL in Access Control State.
 Click Submit to create access control or click Reset to clear all data from the screen.
 A success message confirms that the access control is created.

EDIT ACCESS CONTROL
In the management console, click Access Management > Access Controls.
Click on the check box for the Access Control you want to edit. Click Modify to update the access control(s). You can modify multiple access controls at the same time.

DELETE ACCESS CONTROL
 In the management console, click Access Management > Access Controls.
 Click on the check box for the Access Control you want to edit. Click Delete to delete the selected access control(s).
 When prompted for deletion confirmation, click OK to delete the access control(s) or click Cancel to abort.

Was this article helpful?
4.5 out Of 5 Stars

1 rating

5 Stars 0%
4 Stars 100%
3 Stars 0%
2 Stars 0%
1 Stars 0%
5
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents
Top