This topic describes how to define repositories of users and user groups, which you can then use to define authorization for applications published in a Forefront Unified Access Gateway (UAG) portal.

Repositories are databases containing user and group information; a user can be defined as an individual unit or associated with a group. A local group is a repository of users that you define once, and then reuse when defining authorization for portal applications. A local group can contain users and groups from one or more user or group servers. You can include or exclude individual users and groups from a local group. You can duplicate local groups by saving a group with a different name.

Note:
You cannot include local groups within other local groups.

After defining user or group servers and local groups, you can define authorization settings for portal applications.

The following procedures describe how to create, edit, and duplicate local groups:

To create a local group

  1. In the Forefront UAG Management console, on the Admin menu, click Portal Application Authorization.

  2. On the Local Groups dialog box, click Add.

  3. On the Name Local Group dialog box, enter a name for the group.

  4. On the Add Local Group [GroupName] dialog box, click Add.

  5. On the Select Users and Groups dialog box, in the Look in list, click the server on which the users or groups are defined.

  6. In the Users and Groups in Repositories list, select the users or groups.

    Note:
    Click the search icon to search for users and groups.

  7. Click the view icon to specify the users and groups that you want to be displayed. You can choose to show a combination of users, groups, and subfolders. You can click the search icon to search for specific users and groups, in accordance with the view setting you have specified. By default, users, groups, and subfolders are displayed.

    Note:
    For Active Directory Domain Services (AD DS) and LDAP servers, the Users and Groups in Repositories list shows groups first, followed by users; if you have chosen to display subfolders, these are also listed. The path of the selected folder is shown above the Users/Groups list.

  8. Click Add to add the selected users or groups to the local group.

    Note:
    You can also define users and groups on the Authorization tab of the application properties for applications published in a portal. Select users and groups in the Authorization tab, and then click Save as Local Group to save your selection.

To edit the definitions of an existing local group

  1. In the Forefront UAG Management console, on the Admin menu, click Portal Application Authorization.

  2. On the Local Groups dialog box, select the group you want to modify.

  3. To delete a local group, select the required entry, and then click Remove.

  4. To modify a local group, select the required entry, and then click Edit.

  5. On the Edit Local Group [GroupName] dialog box, click the entry for the group you want to modify.

    The names of the local groups are displayed in the left pane.

    If this group contains other local groups, these are also displayed. The right pane lists all the users and groups that belong to the local group, and indicates whether a user or group is included or excluded from the local group. To change the include or exclude settings, double-click the entry in the Include/Exclude column to toggle the status of the user or group.

To duplicate a local group

  1. In the Forefront UAG Management console, on the Admin menu, click Portal Application Authorization.

  2. On the Local Groups dialog box, select an entry, and click Save As.

  3. On the Duplicate “GroupName” Local Group dialog box, enter a name for the new local group, and then click OK.