Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Managing permissions at scale...

rvandolson
Occasional Contributor
‎08-21-2016 04:12:PM
‎08-21-2016 04:12:PM

Managing permissions at scale...

Have any of you found a successful model for managing granular permissions for users at scale (1500+ users)? We use AD groups, but they've mostly sprawled out of control and it can be challenging to at-a-glance understand what Role/AD group leads to what layer 3 access. Introducing more discipline and oversight into the process might help, but I'm thinking others may have found a better, more scalable way.

Have also considered offloading the access decisions to the firewall layer leaving the Pulse box mostly to handle tunnel termination and authentication.

What have you found works?
0 Kudos
Reply
1 REPLY 1
rma2001
Occasional Contributor
‎08-22-2016 04:22:PM
‎08-22-2016 04:22:PM

Re: Managing permissions at scale...

I think your best bet will be getting AD under control. We use dedicated AD groups for our remote access to give various different roles and make the name mean something. Also, not allowing nested groups within that group (only individual users) will help.
Name something like RemoteAccess-RDP, RemoteAccess-View, RemoteAccess-Meetings, RemoteAccess-SSH, etc.
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.