It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Map Admins From User Groups of External Authentication Schemes

  • Last updated on

To grant a user administrative access to a Control Center or to a CC managed box, an individual administrator account must be created for every dedicated person. However, if such a user is also part of a group that is handled by external authentication services, the respective accounts must be multi-managed. To avoid this drawback, it is possible to grant administrative access to a Control Center based on user groups from external authentication systems, without the need to explicitly configure an administrator account on the Control Center or on the CC managed box.

Users that gain administrative access via mapping from external authentication services cannot log into the Control Center via SSH. In addition, there is also no whitelist or blacklist in the group filtering.

Before You Begin

Log into your CC on box level to enable external authentication services. For more information, see Authentication.

Step 1. Create a Template to Map the Login Information from External Authentication Services to Your Control Center

  1. Log into your CC.
  2. Go to ADMINS.
  3. Click New Entry...
    create_mapping_template_00.png
  4. The Choose Administrator Name and Scope window opens.
  5. Enter the Name for the mapping information.
  6. From the Range and Cluster list, select the entry that applies to your situation.
    name_mapping_template.png
  7. Click OK.
  8. The Administrator window opens.
  9. From External Authentication, select No authentication (Template Admin).
  10. In the Operative Settings section, select the role from the Roles list.
  11. Click Add to add the role table of Given Roles.
  12. Click OK.
    fill_template.png
  13. Click Activate.

You can now see the mapping information in the table.

template_entry_added.png

Step 2. Map the Account of the External Administrator

  1. Go to CONFIGURATION > Multi-Range > Global Settings > Administrative Roles.
  2. In the left navigation bar, click External Admins.
  3. Click Lock.
  4. From the Enable External Admins list, select Yes.
  5. From Authentication Scheme, select the authentication scheme where the external admin is registered in.
  6. Deselect the Other check box.
  7. Click + to enter an entry to the Definitions table. The Definitions window opens.
    conf_external_admin_01.png

  8. Enter the Name for the definition.
  9. From the Admin template name list, select the entry that refers to your mapping information in Step 1. E.g., MapAdmins.
  10. Deselect the Other check box.
  11. In the Ext. Groups section, click +.
  12. Enter the name of the group the user is a member of in the external authentication service.
    ext_admin_mapping.png
  13. Click OK.
  14. Click Send Changes and Activate.
    ext_admin_mapping_done.png

You can now log into your Control Center as an administrator with the credentials of your external authentication service.