How can I provide individuals access to my unit's network resources?

Technology Solutions has developed a web application for designated administrators of unit network space to manage the end-users that are authorized to access the respective unit's network.

While the previous OpenVPN/Viscosity solution would place users directly into a VLAN, the AnyConnect solution uses the same address range for everyone regardless of what unit they are in.

However, this does not mean that any VPN user can get to the unit's network. When someone authenticates to the AnyConnect VPN server, a process checks Active Directory group memberships (displayed and managed via this Group Administration tool) to associate individuals with a unit's network, and dynamically creates an Access Control List (ACL) to allow that individual to route to respective network. If someone is not in a unit's group, they are not allowed to send traffic to that unit's network.

Accessing Group Administration Tool

  1. Designated administrators can access https://groups.uic.edu using Firefox, Chrome, or Safari (on Mac) to add and remove users from VPN access to the respective portion of the UIC network. **Note: you must first be connected to the UIC VPN to access this tool.**

    group tool login screen
  2. Select Manage AnyConnect

    start screen
  3.  

Editing Group Membership

  1. Find your respective context to administer (CADA shown as example), and click the pencil icon.

    contexts screen highlighting edit button
  2. You can use Ctrl + F to search for existing members (a search function is currently in development).
    • To addan individual to the group:
      1. Click Add to Context

        where to find add to context button
      2. You will need to enter the individual's NetID, can optionally include an internal tag for your own uses, and must provide a justification for adding the individual.

        add a new user screen
      3. Note that you are not able to add yourself to a group, and you will receive an error if you are not authorized to add an individual to a given group or the individual is already in the group.

        groups error message cannot add self to group groups error message not authorized to add a user to this group
    • To remove an individual from the group:
      1. Click on the trash icon.

        context screen highlighting trash button

         

      2. You can add an internal tag for your own uses, and you must enter a justification for removing the individual.

        delete user screen

Auditing Group and Individual History

  • The application provides access to review the overall history of actions within a given group by clicking on the clock icon at the group list page:

    any connect contexts screen highlighting refresh button
    example history listing
  • Additionally, you can review the history of an individual within a group, by clicking on the clock icon the individual's entry within the group:

    example context screen highlighting refresh button
  • example groups history screen

Details

Article ID: 936
Created
Fri 1/15/21 6:16 PM
Modified
Thu 9/28/23 2:48 PM

Related Services / Offerings (1)

Virtual Private Network (VPN)
The Virtual Private Network service allows you to securely access resources at UIC over a non-UIC Internet connection. While connected to the VPN, the client software works with the operating system to determine when you are accessing an Internet location that the client should protect. When you are accessing such a location, the VPN client encrypts the data.