VPN Group Administration Application

ACCC has developed a web application for designated administrators of unit network space to manage the end-users that are authorized to access the respective unit's network.

While the previous OpenVPN/Viscosity solution would place users directly into a VLAN, the AnyConnect solution uses the same address range for everyone regardless of what unit they are in.

However, this does not mean that any VPN user can get to the unit's network. When someone authenticates to the AnyConnect VPN server, a process checks Active Directory group memberships (displayed and managed via this Group Administration tool) to associate the individual with a unit's network, and dynamically creates an Access Control List (ACL) that allows that individual to route to the respective network. If someone is not in a unit's group, they are not allowed to send traffic to that unit's network.
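The following is an added illustration, not ACCC's code: a small Python model of how a per-session ACL can be derived from group membership so that a unit's network is reachable only by members of that unit's group. The group names, NetIDs, and address ranges are constructed for the example, and the function names are hypothetical.

```python
"""Model of per-session ACL derivation from directory group membership."""
from ipaddress import ip_address, ip_network

# Constructed mapping: unit group -> unit network (documentation ranges).
GROUP_NETWORKS = {
    "vpn-unit-a": ip_network("192.0.2.0/24"),
    "vpn-unit-b": ip_network("198.51.100.0/24"),
}

# Constructed membership data standing in for the directory lookup
# performed when a user authenticates.
MEMBERSHIPS = {
    "alice": {"vpn-unit-a"},
    "bob": {"vpn-unit-a", "vpn-unit-b", "staff-all"},
    "carol": set(),
}


def build_session_acl(netid, memberships=MEMBERSHIPS, group_networks=GROUP_NETWORKS):
    """Return an ordered ACL covering every unit network for one session.

    A unit network is permitted only when the user is in that unit's group.
    Unknown users and groups with no mapped network grant nothing.
    """
    groups = memberships.get(netid, set())
    acl = []
    for group, net in sorted(group_networks.items()):
        action = "permit" if group in groups else "deny"
        acl.append((action, net))
    return acl


def decide(acl, destination):
    """First-match evaluation; None means the address is not a unit network."""
    dst = ip_address(destination)
    for action, net in acl:
        if dst in net:
            return action
    return None


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "mallory"):
        acl = build_session_acl(user)
        print(user, [(action, str(net)) for action, net in acl])
```

Because all VPN clients share one address range, the source address says nothing about the user's unit; in this model the membership lookup is the only thing that distinguishes one session's ACL from another's.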

Accessing Group Administration Tool

  1. Designated administrators can access https://groups.accc.uic.edu using Firefox, Chrome, or Safari (on Mac) to add and remove users from VPN access to the respective portion of the UIC network.


  2. Select Manage AnyConnect


Editing Group Membership

  1. Find your respective context to administer (CADA shown as example), and click the pencil icon.

  2. You can use Ctrl + F to search for existing members (a search function is currently in development).
    • To add an individual to the group:
      1. Click Add to Context

      2. You must enter the individual's NetID and provide a justification for adding the individual. You can optionally include an internal tag for your own uses.


      3. Note that you are not able to add yourself to a group, and you will receive an error if you are not authorized to add an individual to a given group or the individual is already in the group.


    • To remove an individual from the group:
      1. Click on the trash icon.


      2. You can add an internal tag for your own uses, and you must enter a justification for removing the individual.


Auditing Group and Individual History

  • The application lets you review the overall history of actions within a given group by clicking the clock icon on the group list page.

  • Additionally, you can review the history of an individual within a group by clicking the clock icon on the individual's entry within the group.

Keywords: AnyConnect, groups, vlan, access
Doc ID: 75020
Owner: Richard W.
Group: University of Illinois at Chicago ACCC
Created: 2017-08-01 16:09 CDT
Updated: 2019-08-30 12:48 CDT
Sites: University of Illinois at Chicago ACCC