Create User groups

Create new User groups to logically organize the users whose details are fetched from the Active Directory (AD) integrated with the instance. To apply and enforce policies (User policies) to User groups, you must associate the User groups with the Host groups they are allowed to access. Multiple User groups can be associated with a Host group. This way, you can have users from different User groups access the same host. The users are assigned different User policies, and this provides identity-based application access on the host.

For example, create a User group 'Server Tech Support' to group all employees who belong to a group 'Tech Support' in the AD. These employees provide Tech support for servers. Specify the Host groups (endpoints that Tech support employees log into when at work) that they can use when at work and the User policies (on the hosts) for the User group. For example, Server Support Group can access Host groups 'Bangalore-Ofc1-Floor1' and 'London-Ofc2-Floor2' with User policies enforced to Server Tech Support User group. 

Create another User group 'OS Support', associate the group with the Host groups 'Bangalore-Ofc1-Floor1' and 'London-Ofc2-Floor2'. Assign a different set of User Policies for the OS Support User group. 

User Groups page

Go to the Hosts > User Groups page to see the existing User groups in the instance. 

  • Click a User group to view its details in the fly panel.

Column Description

Group Name

Name of the User group

AD Groups or AD Departments

Groups or departments to which these hosts belong, in the integrated AD

Host Groups these Users can access

Xprotect Host groups (endpoints in the Host groups) that the user in the User group can access

Policies

Xprotect policies (One each from the Three supported OS families - Windows, macOS, Linux) assigned to the users in the User group.

Active Users

Number of active (logged in) users in the User group

Created On

Date and time when the User group was created

Modified On

Date and time when the User group was last modified

Create User groups

At the time of creating a new User Group, default Xprotect policies are not assigned to the User group. You must assign custom User policies to the User group. The users logging into the hosts associated with a User group use the Host policies assigned to the Host group.

Users can be grouped by the groups and departments in the AD and the Host groups (hosts/endpoints) that the users use.

  1. Go to Hosts > User Groups.

  2. Click Create New User Group (located at the top-right corner of the page).

  3. Enter a name and description for the User group.

  4. Select AD Groups or AD Departments and select the groups or departments.

  5. Select the Xprotect Host groups that the users in the User group can log into.

    Only Host groups that are allowed to be associated with User groups are listed here ( Allow User Based Policies is set for the Host group).

  6. From the Policies drop-down lists, select the User policies (One each for an OS family) that you want to push to the hosts. These policies are applicable only when users from the User group log into the hosts in the selected Host groups.

  7. Click Save.


Edit User groups

Edit a User group when you want to push a different policy or to select different Host groups, AD groups, or AD departments for the User group. All these cases involve User policy updates on the relevant hosts. After you edit and save the group, the new User policies are automatically pushed to the relevant hosts.

Delete User groups

Deleting a User group deletes all relevant User policies from the hosts to which the User groups were associated. After you delete a User group from the instance, you cannot restore the group. 

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.