SafeConnect Roles for use with RADIUS

This section includes information that is entirely optional. If there is a desire to return different attributes such as VLAN assignments or any other specific RADIUS attributes such as those needed to perform enforcement, this section describes the steps required to configure this based on a user’s LDAP group memberships. If this functionality is not desired, please skip to the next section.

Step-by-step guide

SafeConnect uses the concept of Enforcement Roles to create sets of RADIUS attributes that can be used assign different access levels, VLANs, etc. Enforcement Roles are used any time attributes must be specified and are not limited to policy enforcement actions.

To access Enforcement Roles, choose “Enforcement Roles” from the left navigation.

The system will auto-configure a set of default roles based on the Vendor(s) chosen in section 3. In most cases, the default roles will be sufficient and no further changes will need to be made. If additional enforcement roles are desired, click the “New Enforcement Role” button. To modify an existing role, click the “Edit” button.

images/download/attachments/6076211/image2018-1-22_16-38-20.png

A sample role that will assign a specific VLAN is provided below. This example with work for VLAN assignment on most Vendors. For more details on the types of information that should be included in each enforcement role, please consult your vendor’s documentation, or the SafeConnect RADIUS-based Enforcement setup document for your specific vendor.

images/download/attachments/6076211/image2018-1-22_16-38-32.png

Next Step (Optional): Configure LDAP authentication

Next Steps (Required): Map Roles to SafeConnect Policy Groups