When you configure a policy, you must specify the user group on which the policy takes effect. A user group contains multiple users. You can create multiple users at a time by account name, email address, mobile phone number, and organizational structure.
Prerequisites
The identity provider (IdP) is configured. For more information, see Connect an LDAP IdP to SASE.
Create a user group
Log on to the SASE console.
In the left-side navigation pane, choose .
On the Identity Access page, click the User Group Management tab. Then, click Create User Group.
In the Create User Group panel, configure parameters to create a user group. The following table describes the parameters.
Parameter
Description
User Group Name
The name of the user group.
Description
The description of the user group.
Group Scope
The scope of the user group. Valid values:
Account Name: If you set this parameter to Account Name, the Configure Account Name field appears.
Email Address: If you set this parameter to Email Address, the Configure Email Address field appears.
Mobile Phone Number: If you set this parameter to Mobile Phone Number, the Configure Mobile Phone Number field appears.
Organizational Structure: If you set this parameter to Organizational Structure, the existing organizational structures are displayed. You can select the required organizational structure.
Configure Relationship
The relationship for the user group. Valid values:
Equal To
Not Equal To
Click OK.
After the policy is configured, the user group is automatically displayed in the user group list.
You can perform the following operations based on your business requirements:
Edit: Click Edit to view or modify information about the user group.
Delete: Click Delete to delete the user group.
What to do next
After you configure a user group, you can specify the effective scope of a policy. For more information about how to create a policy, see Configure a zero trust policy for private access for Internet access.