Users, Groups, and Network Policies

Log into SputnikNet, then navigate to the authentication system overview.

Click on "Authentication" under the "CONFIG" menu.

Add a new user authentication system, or select an existing one.

Click on "Add New Authentication System", or on the name of the user authentication system you want to edit.

Name your user authentication system.

Zoom

Be sure "Basic User Database Module" is selected. For more information about creating authentication systems, see online documentation chapter titled "Creating a new Authentication System".

Edit your authentication system settings (optional).

Zoom

Each authentication system has an "Edit Settings" page. The user authentication system has an account self sign-up option. Leave this option unchecked; see the online documentation chapter titled "User Self-Registration" for more information.

Add a new user account.

Zoom

Select "Users" from the "Authentication System" menu. Click "Add New Login" to add a new user account.

Enter basic user account settings.

Zoom

Enter basic settings:

- Login ID: the unique case-sensitive ID the user will log in with; once created, it cannot be edited
- Display Name: the name of the user that appears in the SputnikNet interface and on the page the user sees after a successful login
- Expires: optional termination date for the account, after which it will no longer be active
- Password: password the user will log in with

Enter user account details (optional).

Zoom

Enter more details, if desired:

- Email address
- Title
- Organization

We'll set up groups and assign memberships later.

Add additional user accounts, as needed.

Zoom

You can add as many user accounts as you want.

Add a new group.

Zoom

Groups are collections of users that can have specific network policies. To create a new group, select "Groups" from the "Authentication System" menu and click on "Add New Group".

Enter group settings.

Zoom

Enter basic group settings:

- Group Identifier: unique name for the group; once created, it cannot be edited
- Description: comments or more details about the group

Add additional groups, as needed.

Zoom

You can enter as many groups as you want. Groups are ordered in chronological order - first group created on top. If users are assigned to multiple groups, group policies are applied in that order.

Assign users to groups.

Zoom

To assign a user to a group, click "Users" from the "Authentication System" menu, then click on the Login ID of the user account you want to edit. Check the boxes next to the group or groups you want to assign them to. As noted, if you assign a user account to multiple groups, policies will be applied in group order.

Select a group to view member list.

Zoom

To view the members of a group, select "Groups" from the "Authentication System" menu, and then click on the corresponding Group ID.

Review group member list.

Zoom

The members of the group are displayed. To apply network policies to the group, click on "Group Policies" from the "Authentication System" menu.

Edit group policies.

Zoom

Click "[Edit]" next to the name of the group whose policies you want to edit.

Apply network policies to a group.

Zoom

Click the checkbox next to the name of the network policy (or policies) you want to apply to that group. In this example, "Block Private Nets" and "Content filtering" policies will be applied to authenticated users who belong to the "Members of SF Tennis Club" group.

Network policies are applied to group members in the same order that they are applied to the group itself. For example, if you want to ensure that "Block Private Nets" policies apply before "Content filtering" policies, click the checkbox next to "Block Private Nets", then click the "Update Policies Button". Next, click the checkbox next to "Content filtering" and click the "Update Policies" button again.

To see more detail about a specific network policy, or to modify a policy setting, click on its name.

For more information about network policies, see the online documentation section titled "SputnikNet Network Policies".

Review groups and network policies.

Zoom

Different network policies can apply to various group. Here the SFT Members group will have content filtering applied, and will not be able to access private network resources. SFT Pros don't have content filtering, they can freely access network resources except the blocked finance server.

End user login.

Zoom

Apply your user authentication system to one or more captive portals; apply your captive portals to Sputnik-powered devices.

Users who log in are automatically assigned to the group(s) of which they are members, and network policies are applied to them as soon as they authenticate.