How can I provide individuals access to my unit's network resources?

Summary

Technology Solutions has developed a web application that lets designated administrators of unit network space manage the end users who are authorized to access their unit's network.

Overview

While the previous OpenVPN/Viscosity solution would place users directly into a VLAN, the AnyConnect solution uses the same address range for everyone regardless of what unit they are in.

However, this does not mean that any VPN user can get to the unit's network. When someone authenticates to the AnyConnect VPN server, a process checks Active Directory group memberships (displayed and managed via this Group Administration tool) to associate individuals with a unit's network and dynamically creates an Access Control List (ACL) to allow that individual to route to the respective network. If someone is not in a unit's group, they are not allowed to send traffic to that unit's network.
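
The check described above, as an added sketch (not UIC's or the VPN vendor's code): it derives a per-session ACL from a user's group memberships and denies any destination the ACL does not match. The group names, address ranges and function names are hypothetical.

```python
import ipaddress

# Constructed mapping: AD group -> unit network. Names and ranges are
# hypothetical (documentation address space), not real UIC values.
GROUP_NETWORKS = {
    "vpn-unit-cada": ipaddress.ip_network("192.0.2.0/25"),
    "vpn-unit-library": ipaddress.ip_network("192.0.2.128/25"),
    "vpn-unit-physics": ipaddress.ip_network("198.51.100.0/24"),
}

def build_acl(group_memberships):
    """Return the per-session ACL: one permit entry per unit group the user
    is in. Groups with no mapped unit network contribute nothing."""
    acl = []
    for group in sorted(set(group_memberships)):
        network = GROUP_NETWORKS.get(group)
        if network is not None:
            acl.append(("permit", network))
    return acl

def is_allowed(acl, destination):
    """Evaluate a destination against the ACL; anything unmatched is denied."""
    addr = ipaddress.ip_address(destination)
    for action, network in acl:
        if addr in network:
            return action == "permit"
    return False  # implicit deny: not in the unit's group, no route

if __name__ == "__main__":
    # Constructed sessions: every VPN client shares one address pool, so the
    # ACL, not the client address, decides which unit networks are reachable.
    sessions = {
        "alice": ["vpn-unit-cada", "staff-all"],
        "bob": ["staff-all"],
    }
    for user, groups in sessions.items():
        acl = build_acl(groups)
        for dest in ("192.0.2.10", "198.51.100.7"):
            verdict = "permit" if is_allowed(acl, dest) else "deny"
            print(f"{user:6} -> {dest:13} {verdict}")
```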

Accessing Group Administration Tool

1. Designated administrators can access https://groups.uic.edu using Firefox, Chrome, or Safari (on Mac) to add and remove users from VPN access to the respective portion of the UIC network. **Note: you must first be connected to the UIC VPN to access this tool.**

[Screenshot: group tool login screen]

2. Select Manage AnyConnect

[Screenshot: start screen]

Editing Group Membership

1. Find your respective context to administer (CADA shown as an example), and click the pencil icon.

[Screenshot: contexts screen highlighting edit button]

2. You can use Ctrl + F to search for existing members (a search function is currently in development).

  • To add an individual to the group:

a. Click Add to Context


[Screenshot: where to find the Add to Context button]

b. Enter the individual's NetID and a justification for adding the individual. You can optionally include an internal tag for your own use.


[Screenshot: add a new user screen]

c. Note that you are not able to add yourself to a group, and you will receive an error if you are not authorized to add an individual to a given group or if the individual is already in the group.


[Screenshots: groups error message, cannot add self to group; groups error message, not authorized to add a user to this group]

  • To remove an individual from the group:

a. Click on the trash icon.


[Screenshot: context screen highlighting trash button]

b. You can add an internal tag for your own uses, and you must enter a justification for removing the individual.



[Screenshot: delete user screen]

Auditing Group and Individual History

  • The application provides access to review the overall history of actions within a given group by clicking on the clock icon on the group list page:

[Screenshots: AnyConnect contexts screen highlighting refresh button; example history listing]

  • Additionally, you can review the history of an individual within a group, by clicking on the clock icon on the individual's entry within the group:

[Screenshots: example context screen highlighting refresh button; example groups history screen]

Details

Article ID: 936
Created: Fri 1/15/21 7:16 PM
Modified: Tue 10/29/24 5:31 PM

Related Services / Offerings

The Virtual Private Network service allows you to securely access resources at UIC over a non-UIC Internet connection. While connected to the VPN, the client software works with the operating system to determine when you are accessing an Internet location that the client should protect. When you are accessing such a location, the VPN client encrypts the data.