How to Configure AUTH:set_usergroup() in FortiADC

Published on: 02-26-2023 By Ashish Magoo

Introduction

FortiADC is an advanced application delivery controller that provides availability, performance, and security for your applications. One of the features FortiADC offers is the ability to manage user authentication through customizable policies. In this article, we will explore how to use the AUTH:set_usergroup() function to set a new user group within the current authentication policies.

Purpose of AUTH:set_usergroup()

The AUTH:set_usergroup() function is designed to update the user group based on the current authentication policy in use. This function allows administrators to dynamically change the user group and realm, thereby overriding the original authentication policy's results. This is particularly useful in scenarios where different access levels or rules need to be applied to different user groups.

Syntax

The syntax for the AUTH:set_usergroup() function is straightforward:

AUTH:set_usergroup("RealmName", "UserGroupName");

The function requires two input parameters:

  • RealmName: The name of the new realm to be set. This is a Lua string with a maximum length of 63 characters.
  • UserGroupName: The name of the user group to be set. This is also a Lua string with a maximum length of 63 characters and must comply with the original definition of the user group.

Usage Example

The AUTH:set_usergroup() function can be used in the BEFORE_AUTH event. Below is an example of how to implement this:

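when BEFORE_AUTH {
    -- Override the realm and user group chosen by the authentication policy
    local r = AUTH:set_usergroup("Realm02", "UserGroup02");
    -- Log the return value so the result of the override can be verified
    debug("set_usergroup successfully? %s\n", tostring(r));
}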

In this example, the return value of AUTH:set_usergroup() is stored in r, which indicates whether the new realm and user group were set. The debug statement then prints that result for verification.
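Because the call overrides the authentication policy's result, it helps to validate both arguments against the limits listed under Syntax and to restrict the script to realm/group pairs you have approved. The following is an added example, not code from the original article or from Fortinet: the helper names, the ALLOWED table, and the stub AUTH object (included so the code runs in a plain Lua interpreter) are assumptions, as is treating a truthy return value as success.

```lua
-- Added example. MAX_NAME_LEN comes from the article's parameter
-- description; everything else here is constructed for illustration.
local MAX_NAME_LEN = 63

-- Constructed allowlist: realm -> set of user groups the script may assign.
local ALLOWED = {
  Realm02 = { UserGroup02 = true },
}

-- Returns nil when the name is acceptable, otherwise a reason string.
-- Note: # counts bytes; rejecting empty names is an assumption.
local function name_error(label, value)
  if type(value) ~= "string" then
    return label .. " must be a Lua string"
  end
  if #value == 0 or #value > MAX_NAME_LEN then
    return label .. " must be 1.." .. MAX_NAME_LEN .. " characters"
  end
  return nil
end

-- Validates both arguments, then calls auth:set_usergroup().
-- Returns true on success, or false plus a reason.
local function checked_set_usergroup(auth, realm, group)
  local err = name_error("RealmName", realm)
           or name_error("UserGroupName", group)
  if err then return false, err end
  if not (ALLOWED[realm] and ALLOWED[realm][group]) then
    return false, "realm/group pair is not on the allowlist"
  end
  -- Assumption: a truthy return value means the override was applied.
  if not auth:set_usergroup(realm, group) then
    return false, "set_usergroup reported failure"
  end
  return true
end

-- Constructed stand-in for the FortiADC AUTH object so this runs offline.
local AUTH = { set_usergroup = function(self, realm, group) return true end }

print(checked_set_usergroup(AUTH, "Realm02", "UserGroup02"))       -- approved pair
print(checked_set_usergroup(AUTH, "Realm02", string.rep("g", 64))) -- 64 bytes, over the limit
print(checked_set_usergroup(AUTH, "Realm02", "Admins"))            -- pair not in ALLOWED
```

On a FortiADC, the stub and the print calls would be dropped and checked_set_usergroup(AUTH, ...) called from inside the when BEFORE_AUTH { } block, with the reason passed to debug().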

Supported Versions

This functionality is supported in FortiADC version 7.2.x and later. Make sure your system is updated to at least this version to take advantage of the AUTH:set_usergroup() feature.

Conclusion

Leveraging the AUTH:set_usergroup() function adds a layer of flexibility and dynamism to your FortiADC's authentication policies. This allows for more granular control over user access and improves your overall security posture. Feel free to refer to the official documentation for more details: FortiADC Documentation.