Forum Discussion
2 Replies
- Jad_Tabbara__J1Cirrostratus
Hi Malek,
As you said, you will need to create multiple branch (one for each contractor).
There are many ways to manage this but it depends on your config also :
1) If contractors are using their emails to authenticate, based on the domain used you can attribute assign resources (tom@contractor1.com => all contractor1.com goes to branch1 then joy@contractor2.com goes to branch2 and so on)
2) If contractors are populated in a directory, you can make an AD Query or LDAP Query to retrieve the "memberOf" attribute. If your Directory is configured like this, each contractor is in a group (example: contrator1; contractor2;...)...
3) On F5 APM, you could create a local user DB with groups of users, then in the same manner described on option 2 you can make a query to "Local Database". Based on the group returned you can assign a resources.
Hope it helps
Please give me a feedback
Hi Malek,
in addition to what JTI has already explained (performing authorization within APM via the individual usernames), you could also implement custom Radius-Reply AV-pairs on your Radius Server Policies to reflect the users permissions / group memberships.
VPE will be able to read your custom AV-Pairs and enforce rules based on the provided information.
Cheers, Kai