Group Authorization for PortalGuard Help Desk Access
You would like to allow access to the PortalGuard Help Desk Console using Active Directory Groups or OU Designations.
Modify the 'User Repository' Configuration in the PortalGuard Configuration Editor, as well as the web.config file for the Help Desk Utility.
- This is currently ONLY supported for the PortalGuard Help Desk Utility. This feature DOES NOT apply to PortalGuard Admin Dashboard Access.
- To support nested group membership in Active Directory, you must set the 'Group Search Filter' on the LDAP Advanced tab of the User Repository to the following Microsoft-specific query:
- If using SQL as a User Repository instead of AD (or some other LDAP), you must have a query defined in the 'User Roles Query' field on the Configuration -> SQL Roles tab in the User Repository Configuration.
- If you have multiple User Repositories defined, this feature MUST be enabled on ALL user repositories or NONE.
Steps for Enabling Support for Active Directory Group and OU Designations for Help Desk Access
- On the PortalGuard Server, launch an Administrative text editor (we recommend Notepad++)
- open the root web.config file for the PortalGuard website
Search for 'Security.GroupAuthz' to find the proper line in the <system.webServer><modules> section
Uncomment the '<add name="GroupAuthz" type="Pistolstar.Security.GroupAuthz"...> element by removing the <!-- text at the beginning of the line and the --> text at the end of the line.
Search for '<GroupRoleAuthZ>' and change the enabled attribute here from "false" to "true":
Save the changes to the root web.config file.
In the same text editor, open the following file:
- i.e. C:\inetpub\PortalGuard\web.config
Set the users value of the <deny...> element to "?" and the users value of the <allow...> element to "*". Your final result should look like the following screenshot:
Save the changes to this file and close the text editor.
Open the PortalGuard Configuration Editor
Navigate to the 'User Repositories' Tab and highlight the Repository that users should be able to manage
Click the 'Edit' button on the right-hand side of the PortalGuard Configuration Editor
Navigate to the 'Features' Tab
Under the 'Help Desk' sub-tab, check the box labeled 'Support Group/Role Authorization?':
Click 'Save' to save these changes.
Click 'Apply to PortalGuard Server' and then click 'Sync' for these changes to take effect.
Open a Command Prompt as Administrator and run iisreset for the changes to take effect.
- This is always required when custom PortalGuard settings are changed in web.config files.
REV. 08/2018 | PortalGuard