This guide explains how use the Roles in Clavister IdAuth Cloud, not just to limit access in IP Policies bu also to implement Role-Based Access Control for the specific Clavister OneConnect server.

The guide assumes you are already enrolled as an administrator in the service.

Organizations often require different user groups to access specific resources for security and operational efficiency. In environments where multiple Clavister NetWall firewalls are are deployed, controlling access per OneConnect tunnel interfaces becomes crucial. This guide explains how to use roles within Clavister IdAuth Cloud to manage user access effectively across different VPN gateways.

Introduction

In scenarios where an organization operates multiple OneConnect servers, it is essential to ensure that users can access only the OneConnect server relevant to their role. For instance, some users need access to VPN server A, others to VPN server B, and a select few require access to both.

Clavister Cloud Authentication allows the creation of roles, such as “OneConnect_A” and “OneConnect_B”, to manage access permissions. These roles are assignable to users, enabling precise control over which VPN gateway they can access.

Configuring Roles

1. Add the Role: Define the roles "OneConnect_A" and "OneConnect_B" under Users → Roles.
   
   
   
   
2. Assign Roles to Users: On the user, select one or more applicable Roles.
   
   
   
   
3. Configure NetWall: In Clavister NetWall, set up a OneConnect VPN interface. Assign the created roles to the "User Groups:" setting in each corresponding VPN interface configuration.
   
   

By leveraging roles in Clavister IdAuth Cloud, administrators can tailor user access to specific OneConnect VPN , enhancing both security and usability. This setup ensures that users access only the necessary resources, aligning with best practices for network security and management.

Related articles