
SSP for different users

Hi All,

I've got the SMC setup and configured with 3 devices deployed via SSP.  However these are all on one profile and in one group.

How do I deploy a different task bundle to a different user?  For example I have an AD group called MDM with the users in, they sign into the SSP and go through works fine.

I want a different task bundle deployed but can't see where I can have multiple AD groups to achieve this.  I have one company user and couldn't work it out so had to deploy the standard BYOD task bundle/profile and then redeploy the company profile afterwards.

I have for example a group called IOS Devices, points to employee IOS and company IOS compliance rules, but then the SSP can only seem to use one task bundle.

Another issue is how does everyone deploy company devices, do you use the SSP or create device?  If so can you please explain as create device just seemed to be a lot of effort and didn't appear to work very well.

How does everyone work around this?

Thanks!

Ross

:54885


This thread was automatically locked due to age.
  • Hi Ross,

    if you want to deploy different configurations via the Self Service Portal based on LDAP group memberships you can use the "Group settings". Log in to the SMC web console and go to "Settings | Self Service Portal".
    Switch to the "Group settings" tab.

    In here, you can specify different configurations for different LDAP groups.

    Right now it seems as you only have the default configuration in there.

    You can either specify one specific group using the full Distinguished Name of the group or use wildcards, e.g. Sales*
    During the user login the SMC server will verify which configuration will apply. The server will verify if the first entry applies to the user and if not, check the next one until one group matches.

    Regarding the company device issue, it would be good to get additional information.
    You have the possibility to create them manually (see chapter 15 of the admin guide) or import a list of devices using a CSV file. Please have a look at our KBA 120539 for additional information on the import.

    I hope this helps.

    Best regards

    Stefan

    :54929
    • Hi Stefan,

      Thanks for your answer.  I have tried doing this however when I first setup the LDAP configuration I pointed it to a specific AD group.  Now when I try to point this to an OU instead of a group it says:

      "The directory configuration can not be modified because 4 devices are still linked to the directory."

      Ok I found adding manually a bit awkward as I tried to deploy/enroll the handset, I then had to manually install the Sophos App... then when I tried to deploy a task bundle it failed. How is it normally done?

      If I can get multiple AD groups to work through the SSP I can just create a company one and BYOD one and use the SSP to rollout both.

      Thanks

      Ross

      :54954
      • Hi Ross,

        to me it seems as if you are editing the LDAP Configuration of a customer using the super administrator.

        In there you cannot add several LDAP groups. This configuration is only used to specify the group of users who are allowed to log in to the Self Service Portal.

        The spot I was referring to is within the SMC customer in question.

        On the left hand side of the menu, please go to

        "Settings | Self Service Portal". In there, switch to the "Group settings" tab.

        There you should have a configuration like this: GroupSettings.jpg

        There you can add additional SSP configurations for different LDAP groups.

        Hope this helps.


        Best regards

        Stefan

        :54990
        • Thanks Stefan,

          Here is what I see when I'm logged into my customer configuration not as superadmin.

          I went back into the superadmin and changed the AD config to look at an OU (is that correct?)  then assumed in the SSP group settings I can specify groups under that OU but it says not setup for SSP when trying to login.

          :55187
          • Hi Ross,

            sorry for the late reply.

            So within the "Group settings" tab, you can now add additional configurations for your specific groups.

            I did an example for a specific user group "Support" using the exact DN and used "Sales*" to cover all groups starting with "Sales".

            Example.jpg

            Please note: The "Default" config is still there but not part of the screenshot.

            Now, if a user logs in to the SSP it is verified of which group the user is a member. The SMC Server will then go through the configs from top to bottom and once a matching group is found, this configuration will be used in the SSP and all other configs are ignored. If a user is not part of any of the configured groups, the "Default" config will apply.

            Hope this helps.

            Best regards

            Stefan

            :55323
            • Ok great thanks Stefan, I was getting confused thinking I had to specify the OU on user setup, makes sense now :)
              :55474
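
Added example, not part of the thread and not Sophos code: a Python model of the top-to-bottom, first-match lookup Stefan describes for the "Group settings" tab, plus a check for entries that an earlier wildcard makes unreachable. The rule list, configuration names, example.com DNs and the choice to compare wildcard entries with the group's common name are assumptions.

```python
import re

# Constructed rules, listed top to bottom as in the "Group settings" tab.
# Each entry: (group pattern, SSP configuration name). All names are hypothetical.
RULES = [
    ("Sales*", "BYOD bundle"),
    ("CN=Support,OU=Groups,DC=example,DC=com", "Company bundle"),
    ("Sales-Managers", "Company bundle"),  # never reached: "Sales*" sits above it
]
DEFAULT = "Default"

def _match(pattern, value):
    """Case-insensitive match where '*' is the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def _cn(dn):
    """First RDN value of a DN, e.g. 'Support' (assumes no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[-1].strip()

def rule_applies(pattern, group_dns):
    # Assumption: a pattern containing '=' is a full DN and is compared with the
    # whole DN; any other pattern is compared with the group's common name.
    return any(_match(pattern, dn if "=" in pattern else _cn(dn))
               for dn in group_dns)

def resolve(group_dns, rules=RULES, default=DEFAULT):
    """First matching rule wins, later rules are ignored, no match gives default."""
    for pattern, config in rules:
        if rule_applies(pattern, group_dns):
            return config
    return default

def shadowed(rules=RULES):
    """Entries that can never apply because an earlier pattern covers them."""
    hits = []
    for i, (later, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            # Only compare like with like (DN vs DN, name vs name).
            if ("=" in earlier) == ("=" in later) and _match(earlier, later):
                hits.append((later, earlier))
                break
    return hits
```

Because the first match wins, a user who belongs to both a "Sales..." group and "Support" receives whichever configuration is listed higher, so narrow entries belong above broad wildcards.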