Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Group Policies

...

is the place where the account policies are managed. Group Policies contain settings and definitions related to security settings like authentication and password policies, default language and other settings. To use Group Policies effectively you need to know how Permissions, Roles, Groups and Group policies relate to each other.

There is always one Group Policy called Default Group Policy, which is first applied to all users when they sign in. This policy contains the default settings for all user accounts in the namespace. When there is more than one policy, administration will have to set the order in which the other policies are applied for. This is done on the Group Policies list. This order applies, no matter what route a Group Policy is assigned to an Account. The group policies can be reordered using the Up and Down buttons found on the top bar.

It is important to note, the last set value will be the effective value. This is important to remember ,be cause it is possible to set a setting in multiple Group Policies. It is not recommended, but it is possible, and some times unavoidable.

Pro Tip: Make a good Group Policy design and plan, then document and always implement according to it.

Group Policies are assigned to groups. Groups have policies which are essentially sets of permissions. A policy may also contain a custom role which in turn effects all the users in the group.

Note: Even if it is possible to assign roles directly to users this is not recommended. This possibility may be removed in the future. Role management should always be done using Groups and Group Policies.

Below is an example on defining and using a group policy.

Image Removed

Defining the default language of user
interface for a group of users:

  1. Choose Group Policies > Add policy to add a new Group policy.

  2. Enter a descriptive name in Group policy name field in Core tab as well as a description.

  3. Select () next to the setting you wish to include in the Group Policy.

  4. Select on the setting, and define desired value. (In this case set preferred user interface language has been changed to Swedish and locale setting to Finland.)

  5. Select Save on the top right corner. It is shown green to indicate there are unsaved changes.

  6. Create a group using Groups > Add Group. Use a name that describes the setting you want to apply to this group.

  7. Use tab User Accounts to add members to the group. Click on Save.

  8. Open Policies tab and select the policy you just defined. Select Save to save the settings.

...

Below is another example: Setting a longer allowed web user interface inactivity time for a group of users, for example customer care agents.

  1. Create a Group policy with descriptive name like “Max inactivity 2 hours”, select User interface tab and select Inactivity sign-out and select the value you wish from the drop-down menu.

  2. Create a new group with a descriptive name like “Customer service employees”.

  3. Add the accounts of the customer service employees to the group using User accounts tab.

  4. Select Policies tab, select your new policy on the drop-down menu.

  5. Select Save to save the settings.

  6. System Preferences is only available for user accounts with either role Portal Admin or Portal Auditor. Some selections require even more roles to be selectable.

  7. This selection opens a second level menu with system and service level settings affecting all namespaces and the whole service.