Device Portal Concepts
aaa_groups
The aaa_groups control the permissions a user has within the device portal. An aaa_group maps to a group membership received from the authentication backend.
For example, if a user is a member of an Active Directory group called cdp-helpdesk, that group would map to an aaa_group with the same name.
Upon authentication, the backend will provide a list of groups that the current user is a member of; any group that doesn’t already exist gets created in the device portal database.
An administrator can also create groups in advance, before any member of that group has logged in.
interfaces
The interfaces represent VLANs in your network. There are two types of interfaces: access interfaces and quarantine interfaces.
When a device should have regular network access, it connects to the access interface. When the device should be restricted, it moves to the quarantine interface instead.
For example, if you have a group of devices that should connect to VLAN 100 under normal circumstances but to VLAN 112 for restricted access, 100 would be your access interface and 112 the quarantine interface.
It is the admin’s job to create interfaces within the portal and to make sure they are identical to the interfaces defined on the wireless controller and access switches used in the network. The Conscia Device Portal supports both VLAN numbers and named VLAN interfaces, so an interface called 100 is as good as one called online; which form to use depends on how interfaces are configured on the network devices.
device_groups
A device_group grants one or more aaa_groups access to create and manage devices within that group. For each device_group, an administrator will define one access interface and one quarantine interface.
device
A device is a member of a device_group and will by default inherit the group level configuration.
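How the four concepts relate, as an added Python sketch that is not the Conscia Device Portal's own code or API: it models group creation at login, the device_group permission check, and interface inheritance. The class and function names, the MAC address and the per-device override fields are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class DeviceGroup:
    name: str
    access_interface: str          # VLAN number or named VLAN, e.g. "100" or "online"
    quarantine_interface: str
    aaa_groups: set = field(default_factory=set)  # aaa_groups granted access to this group

@dataclass
class Device:
    mac: str
    group: DeviceGroup
    quarantined: bool = False
    # Assumed per-device overrides; None means "inherit from the device_group".
    access_interface: Optional[str] = None
    quarantine_interface: Optional[str] = None

class Portal:
    def __init__(self):
        self.aaa_groups = set()    # group names known to the portal database

    def sync_groups_on_login(self, backend_groups):
        """Create every backend group not yet known; return the newly created names."""
        created = set(backend_groups) - self.aaa_groups
        self.aaa_groups |= created
        return created

    def can_manage(self, backend_groups, device_group):
        """A user may manage devices only through an aaa_group the device_group grants."""
        return bool(set(backend_groups) & device_group.aaa_groups)

def effective_interface(device):
    """Resolve the interface a device should land on, inheriting from its group."""
    if device.quarantined:
        return device.quarantine_interface or device.group.quarantine_interface
    return device.access_interface or device.group.access_interface

if __name__ == "__main__":
    portal = Portal()
    printers = DeviceGroup("printers", "100", "112", {"cdp-helpdesk"})
    user_groups = ["cdp-helpdesk", "staff"]        # constructed backend response
    print("created:", sorted(portal.sync_groups_on_login(user_groups)))
    print("may manage printers:", portal.can_manage(user_groups, printers))
    dev = Device("00:00:5e:00:53:01", printers)    # constructed sample device
    print("normal:", effective_interface(dev))
    dev.quarantined = True
    print("restricted:", effective_interface(dev))
```

In this model a group that was only created at login grants nothing by itself; access follows from a device_group listing that aaa_group.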