Adding endpoints not in AD
Some organizations need to secure endpoints that are not present in the Active Directory domain. To secure such endpoints, create an Asset Group and configure a policy for it that allows users to access them.
Prerequisite
Assets not included in AD can be added to the Sectona EPM product using the network scan.
Only after this step will you be able to apply policies to Asset Groups not in AD.
Add an Asset Group
To add a new Asset Group, go to Manage Assets → + Add Asset Group → Asset Group. Fill in the following details:
Title | Entry Information |
---|---|
Asset Group Name | Enter a unique title for your Asset Group |
Group Member Type | Select the Static Group option |
Asset Group Description | Enter the details of the asset group |
Click on Save after you have completed filling out these details.
After completing these steps, you can view the new Asset Group in the Asset Group section. Add assets to the Asset Group using the following steps.
Click on the ellipsis (…) icon next to the Asset Group you just saved and select Edit.
Click on the Assets tab.
Click on the check boxes of the assets (not in AD) that you would like to add to this Asset Group.
Click on the right arrow button to push them to the Asset Group.
Now that the Asset Group with the non-AD endpoint assets is ready, create an Asset Group Policy that will be applied to this Asset Group.
Create an Asset Group Policy
Select Privilege Management from the sidebar and click on Asset Group Policy.
At the top right, click on +Asset Group Policy.
Enter the Policy Overview details.
Title | Entry Information |
---|---|
Policy Name | Enter a unique title for your policy |
Policy Description | Enter a brief description about the policy |
Asset Group | Select the Asset Group just created from the menu displayed |
Allow Elevation Request for Unknown Application | Toggle to activate depending on requirement. |
Allow Execution Request for Block Application | Toggle to activate depending on requirement. |
Policy Status | Set to Active by default |
After completing these details, click on Save.
The EPM agent will now be able to manage this group of endpoints not present in the Active Directory domain.