Using active directory to manage Pulse groups and users security

Starting with v6.3.0, the Pulse groups and users security can now be imported from an active directory.

Once used together with WindowsAuthentication set to true, a Windows User’s Windows Group’s Names will be imported and should be automatically created when a user logs in. These newly created group names are also automatically assigned to the user.

This feature is disabled by default and can be controlled via the following parameters in the Pulse.cfg:

[Security]
…
EnableWindowsGroupImport = false
EnableWindowsLogonSessionGroupInclusion = false
EnableWindowsGroupOnlyMode = false
ExcludeWindowsGroupDomains = MicrosoftAccount, Users

Where:

• EnableWindowsGroupImport is to enable / disable import User’s Windows Group names
• EnableWindowsLogonSessionGroupInclusion is to enable / disable inclusion group names which has LogonSession. These types are excluded by default (i.e. LogonSessionId_0_8675753)
• EnableWindowsGroupOnlyMode is to enable / disable access of Windows users to be that of the Windows AD Group assigned to it (together with PUBLIC)
• ExcludeWindowsGroupDomains is help list Windows Group whose domains is preferred to be excluded

Once these settings updated, save the Pulse.cfg file and restart the Pulse Application Server.