Setting Group Membership on the PGP Encryption Server (Symantec Encryption Management Server)
search cancel

Setting Group Membership on the PGP Encryption Server (Symantec Encryption Management Server)

book

Article ID: 153663

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

The PGP Encryption Server (Symantec Encryption Management Server) allows you to control how users and devices are sorted into groups.

Users and devices are classified as Consumers on PGP Server.

You can sort consumers into groups by user type, domain membership, dictionary entries or through LDAP values.

Consumers must match your requirements to become members of the group.

This article details how to sort users and devices into PGP Encryption Server Groups.

Resolution

 

  1. Log in to the PGP Encryption Server's web console.

  2. On the Groups page, select the group you want to edit. The Group Details page appears.

  3. Click Group Settings then select the Membership tab.

  4. Determine the method which the Consumers of the group will be matched. The options are:
  • Enable Match Consumers by Domain, Dictionary, or Type
  • Match Consumers Via Directory Synchronization
  1. Place a checkmark next to Enable Match Consumers by Domain, Dictionary, or Type to enable this option.
    This option allows you to sort consumers into the group by matching the specified criteria. You can use this in conjunction with LDAP directory matching.

  2. From the drop-down menu, select the criteria you want to match. Add as many criteria as necessary.

  3. To use the Directory Synchronization option, place a checkmark next to Enable Match Consumers Via Directory Synchronization. This allows you to sort consumers into the group by matching LDAP directory values.
Note: In order to enroll users with their Active Directory Credentials, or group users based on AD Attributes, Directory Synchronization must be enabled.
You can use this in conjunction domain, dictionary, and type matching.

 

  1. For All LDAP Directories, use attribute and value pairs that are common to all the LDAP directories to which the PGP Server refers. Leave this empty if you do not want to use attributes associated with global LDAP directories. Choose whether you want all or any of the attribute and value pairs to be true and apply to the consumer to make the consumer a member of the group.

  2. For any LDAP Directory, use attribute and value pairs that are specific to the LDAP directory you choose. Add as many directories as needed. Choose whether you want all or any of the attribute and value pairs to be true and apply to the consumer to make the consumer a member of the group.
Note: You may also choose to Enable Match disabled Active Directory users to add users disabled in Active Directory to the group.

Matching Active Directory disabled users receive the same policy and permissions as all other group members.