defguard
defguard copied to clipboard
DefGuard
Ability to automatically assign groups to users
Is your feature request related to a problem? Please describe. Our locations are restricted by groups and our administrators need to manually assign a group to the users before being able to use the VPN. This is an extra step that delay the on-boarding of the user. Also, this may be frustrating for users registering with an external SSO since the admin will not be aware of his registration.
Describe the solution you'd like A default group in the config of the Core should be able to be selected (optional). This will allow all users created (either manually or from SSO) to be able to directly use locations associated to the group. Giving the flexibility to be able to register and use the VPN without extra steps for the admin or the users.
Describe alternatives you've considered None.
Additional context None
@maxime-morel if you are using external SSO there is no need for such a feature.
We support synchronizing groups from external SSO - so if that sso is your primary place for managing users - they should be assigned to groups in that SSO - and then Deguard will synchronize their groups and there will be no need for additional steps in defguard.
Hello @teon,
I understand. Note that will depend of the use case. The External SSO groups might not match the groups used in Defguard. Also some company will not be able to enable the directory synchronization due to the requirement of domain delegation (that's the case with Google).
Finally, this doesn't take into account users not coming from the external SSO.
So this feature might be useful anyway. But I understand that it doesn't exactly fit a typical use case.