Creating an Authentication Domain
When the default authentication domain cannot be used, you need to create a new one.
Context
In most cases, the default authentication domain is enough. In the following scenarios, you need to plan more authentication domains:
- Users adopt different authentication modes or use different authentication servers. You must add the users to corresponding authentication domains.
- AD and LDAP servers have domains. Therefore, you are advised to create an authentication domain on the FW with the same name as the domain name of the user on the server.
If a new authentication domain is configured, users will need to suffix their user names with the authentication domain (format: Login Name@Authentication Domain) during login. If the default authentication domain is used, users need to enter only their login names.
Procedure
- Choose .
- Click Add.
- Configure the authentication domain name and description.
- Optional: Specify the user group associated with the authentication domain.
- Domain Name: When an authentication domain is created, a root group with the authentication domain name is automatically generated. You can plan users and user groups in the root group. This option applies when each authentication domain has independent user accounts.
- Default: No corresponding root group is generated when an authentication domain is created. Instead, the authentication domain uses the organizational structure of the default group. All users/groups created in the menu with the authentication domain
name belong to the default group.
When the user group associated with the authentication domain is changed to the default group, the FW deletes the original group (whose name is the same as the authentication domain) and its subgroups. Exercise caution when you perform the operation.
- Click OK.